By Rajat Bhargava Posted May 20, 2015
The ominous spectre of Shadow IT has been looming large over IT organizations for a few years now. There is a lot of hushed whispering about why Shadow IT is dangerous. They say IT organizations are losing control, expenses are going up, and there’s an increasing lack of consistency.
And they’re right. These are all critical issues brought up by the menacing rise of Shadow IT. We’ll explain why – and reveal the biggest threat posed by Shadow IT of them all.
When rogue employees or departments set up a Shadow IT resource, it’s usually without the IT department’s knowledge or oversight. An IT organization that doesn’t know what is going on throughout the organization is at tremendous risk.
The IT department is marginalized while being tasked with ensuring that the IT infrastructure meets the standards and needs of the organization.
Shadow solutions in other departments around the organization may serve short-term purposes, but in reality these improvised approaches are often sub-standard and they create risk by evading oversight from IT.
Shadow IT can get expensive.
There isn’t an opportunity for the IT organization to centralize purchases and/or leverage existing relationships and software. There often tends to be dramatic duplication and waste with Shadow IT. Of course, each department works to solve their goals and needs within their budgets, but the company as a whole suffers with less optimization of resources. If every department is purchasing what they want and what works for them, common needs will have different solutions across departments. Perhaps one group will use one project management solution while a different group will use another.
Lack of Consistency
The challenge isn’t that the costs aren’t optimized, but more importantly, those two groups can’t talk to each other through their project management solutions. That’s a loss of productivity and long-term efficiency.
The Biggest Threat Posed by Shadow IT
Control, cost, and consistency are all significant risks from Shadow IT. But there is one threat that trumps all of these: security.
Shadow IT erodes the security of an organization from the inside out. It eliminates IT’s opportunity to vet solutions for their level of security. Many other departments may not even have concerns about their data or the security of the solutions. But weaknesses that exist in only one department can still lead to company-wide breaches.
The aspect of Shadow IT that poses the biggest security risk? That would probably be multiple identities. As departments add more solutions, the user credentials to log in to those are often the same as the corporate logins. Unfortunately, all of the credentials aren’t tied together to ensure a level of security (password rotation, complexity, detection of compromise, etc).
So a third party application that is compromised ends up being a significant risk to the organization. IT is never even aware because they never knew that the organization was using that third party application in the first place.
The Dangers of Shadow IT
Shadow IT can offer stopgap solutions, but not without some weighty risks. Less control, higher expenses, and lost consistency are three ways that it ultimately becomes a detriment to organizational well-being.
The top of the list? That would have to be diminished security. In a world where sites are being breached at unprecedented rates, IT needs to figure out mechanisms to help bring shadow IT into the fold, even if only to just centralize identities.
This all may seem complicated and hopeless, but there is a light at the end of the tunnel. Centralizing directory services is one of the most significant steps that organizations can take to blunt the risks of Shadow IT.