sb-as logo
Story image

Five major risks of letting shadow IT go unchecked

15 Nov 2018

Surely every administrator has heard of shadow IT, and probably many of you admins live in (peaceful) coexistence with these parallel, partly unknown IT infrastructures.

But just for those who might not be familiar with the concept, let's start from scratch.

Shadow IT refers to the hardware and/or software within a company that is not supported by the organisation's central IT department.

The term is often negative because it implies that the IT department has not approved the technology and may not even know that employees are using it at all.

In the field of shadow IT, complex infrastructures arise in everyday practices which are developed and built completely without the IT department - or even around them.

This ranges from manageable hardware environments to complete ERP solutions that are in daily use throughout the company, that are even using the official ERP system’s data, but are in no way accessible to the IT department.

Such independent infrastructures are often a management problem: if specialist departments are not offered adequate solutions and department heads have too much freedom in their IT decisions, situations can arise in which departmental solutions are created from the ground up.

Why is this a problem? Paessler has identified five of the most common risks that can arise from this perfect storm.

1. Cybersecurity

Hardware that is set up within a business department may not be protected by the organisation's IT security systems. There might be no firewall or virus scanner and vital firmware and software updates may not be installed.

This makes the shadow infrastructure, sensitive data, or even the entire company network vulnerable.

2. Data loss

The systems and applications running on shadow IT are very likely not part of the organisation’s backup and restore strategy.

If critical company data is lost in the event of an incident, this means substantial damage with unpredictable consequences for the company.

3. Data security

IT managers will not have an overview of how and when data is being accessed or, more worryingly, who is doing the accessing.

In the worst case, external service providers or former employees still have access to data which could lead to significant data breaches.

4. Inefficiency

Changes to hardware and software within any shadow IT may not undergo any testing.

While directly implemented systems and solutions may accelerate individual processes, due to the lack of testing they may end up stalling a series of other business processes, meaning business-critical IT resources are no longer available.

Shadow IT means double the administration and maintenance effort of systems and software - that’s if any maintenance within the shadow IT environment takes place at all.

5. Compliance

When using shadow IT, processes are often established in those specialist departments that violate the company’s existing compliance rules.

In fact, it is often the case that the introduction and use of shadow IT is already a violation of the usual company compliance rules.

For many companies, such a fundamental breach of compliance rules can threaten their very existence.

Story image
Microsoft top targeted brand by cyber criminals in Q4 2020
In Q4, 43% of all brand phishing attempts related to Microsoft (up from 19% in Q3), as threat actors continued to try to capitalise on people working remotely during the COVID-19 pandemic’s second wave. More
Story image
IronNet expands Asia Pacific presence with new strategic partnership
“The combination of M.Tech’s extensive network in Asia Pacific and our unparalleled expertise in threat intelligence and detection will help more enterprises across the region to proactively identify and take down known and unknown threats before they happen.”More
Story image
Cyberattacks on healthcare organisations "out of control" - Check Point
There has been a 45% increase in cyberattacks on healthcare organisations worldwide in the last two months, making healthcare the most targeted industry by cyber criminals.More
Story image
Hornetsecurity acquires Altaro, the latest in acquisition spree
The move is a culmination of a medley of acquisitions made by Hornetsecurity recently, following the January 2019 acquisition of Spamina, a Spanish cloud email security company, as well as EveryCloud, its British market partner, in early 2020.More
Story image
IT professionals destroying end-of-life hardware over fears of data breaches - report
IT directors are destroying end of life tech hardware as opposed to erasing its data out of fear of making a mistake and facing data breaches.More
Story image
Malware variants becoming increasingly prevalent, sophisticated and evolved
"The modern threat landscape and ongoing evolution of malware are loud factors pushing every business to understand and identify modern malware threats and the necessary precautions to take to protect against them."More