Shadow IT: is your corporate security at risk?

It can’t be stressed enough. Keep your guard up online, remembering you are dealing with sensitive data or working outside of the office.  Cyberthreats are all around us, and they show no sign of slowing down. That’s why we need to take all the measures we can to protect company IT systems. But threats to a company’s security policy can also come from inside the company itself – from shadow IT. But what is shadow IT?  Is it really a problem for businesses?

Rapid developments in digital transformation, particularly the cloud, have simplified many processes within companies. But while we now enjoy new tools that boost company productivity, the digital era comes with an increase in the risks, including shadow IT. According to a study by Snow Software, employees are heavily influenced by the technology they use day to day and prefer using it in their professional environment too.

New challenges in the digital age

“The uptake of new technologies has almost always led to gaps in security, but we have found that the gaps created by the cloud pose a greater risk than we first thought, given the wealth of sensitive and critical data stored in the cloud,” said Nico Popp, Senior VP of Cloud and Information Protection at Symantec. “In fact, our research shows that 69% of companies believe that their data has already made it to the dark web and fear an increased risk of data breaches as a result of migration to the cloud.”

A major security risk

IT security is a constant source of concern for businesses. A recent study shows that 54% of companies think that their level of IT security is not good enough anymore in view of the rapid development of cloud applications. For a security policy to be really effective, the IT department must have control over its systems. As soon as employees start using unapproved tools, the risk of a security breach increases. For many, shadow IT is a very real threat that must be taken seriously and tackled head-on.

According to MagIT, shadow IT relates to hardware or software that is not supported within a company by the central IT department. The expression […] implies that the IT department has not approved this kind of technology or is not even aware that it is used by employees. And it is occurring on a considerable scale.

Shadow IT: a phenomenon of huge magnitude

In 2018, a study conducted by IT security expert association CESIN in partnership with Symantec produced some astonishing figures on the phenomenon of shadow IT. While the number of cloud applications that a business typically estimates are used varies between 30 and 40, the report revealed that an average of 1700 cloud apps are actually used within a company.

Shadow IT “has developed on the back of free online services that users are signing up for, without thinking about the risks to their company’s wealth of data,” explained Alain Bouillé, head of CESIN, with the number determined by the organization ranging from 287 to 5945 recognized and unrecognized solutions, depending on the company. “Once you discount official SaaS applications, the number of unrecognized – i.e. shadow – services is still astonishingly high,” the study’s authors noted.

Shadow IT: a valid source of concern for businesses?

Numerous studies have recently tried to understand and analyze this phenomenon. The use of shadow IT is 15 times worse than estimated by IT departments, according to CISCO. Gartner determined that 40% of IT spending is devoted to combating shadow IT. That said, a 2019 study on cloud security carried out by Bitglass indicated that concerns of a data breach through unauthorized cloud applications fell from 12% in 2018 to 5% in 2019. This shows that companies are aware that there are bigger threats than shadow IT.

Shadow IT: a hidden advantage for businesses?

While shadow IT is usually perceived as a threat to company security, a study by Entrust Datacard published in November 2019 cast the phenomenon in a different light. 77% of professionals surveyed believe that their organization could gain a substantial advantage if they allowed alternative solutions and technologies to be used as well.  In fact, almost half of those surveyed (49%) believe using technologies they know and love makes them more productive.

However, 77% thought that, by 2025, shadow IT will become a more significant problem for their business than it is today, if nothing is done about it. After all, 37% also believe that no clear internal rules are in place to govern situations when employees do use new technologies without the approval of their company’s IT department.

Slow to approve new tools

“The fact that the approval process is so slow may frustrate employees and cause them to take more security risks within their organization,” the authors of this new study explained. “Only 12% of IT departments surveyed responded to all requests for employees to use new technologies.”

Even if a company isn’t ready or willing to roll out certain technologies suggested by employees, it must still give them the tools they need to work effectively and efficiently, while keeping corporate IT security under control. This means offering tools specifically designed for professionals that provide an adequate level of security.

Oodrive by your side

With Oodrive’s file sharing solutions, you can secure your sensitive data, while still allowing your employees to work efficiently and deliver their full potential. They can work on the go without putting your IT system at risk. Meeting the most stringent certifications, Oodrive solutions do away with privacy vulnerabilities and guarantee compliance with your company’s security policy – such as secure hosting, audited code, and autonomous data management.