By IT Brew Staff
less than 3 min read
Definition:
When employees use hardware or software on an enterprise network without the knowledge or sign-off of the IT department, that’s considered “shadow IT.” In many cases, shadow IT can be as simple as an individual employee using a different brand of videoconferencing software than the one approved by IT staff, or relying on a new and untested AI tool to analyze a company database. In some instances, however, shadow IT is far more elaborate, like an entire team deciding they can do their work more efficiently if they use a graphics engine or data-analysis tool that hasn’t gone through the standard IT review process.
Over the past several years, IT teams have implemented different strategies to handle the risks of shadow IT. For example, many organizations reacted to the rise of smartphones and the accompanying BYOD (bring your own device) trend by asking employees to install and use approved apps on personal devices connecting to a corporate network. However, the proliferation and ease of cloud and AI services has made it more difficult for IT to control every endpoint into their organizations’ infrastructure.
Employees often engage in shadow IT because they’re unaware of the risks, and they feel that they can do their jobs better with their own tools and devices. (In a few cases, they could be engaging in malicious activities, creating significant cybersecurity risks for an organization.) In addition to the risk of data leakage and increasing the threat surface for cyberattackers, shadow IT can also lead organizations to violate their industry’s regulations and compliance laws; for instance, an employee at a medical data company using their personal cloud-storage service to store patient data.
For many organizations, implementing clear policies around shadow IT and installing tools to detect unapproved use of devices and services can reduce some of the issues. Listening to employee concerns and complaints about their tools and instituting a process to onboard apps and services they find effective may also help.
