Welcome!

@ThingsExpo Authors: Elizabeth White, Liz McMillan, Yeshim Deniz, Pat Romanski, Zakia Bouachraoui

Related Topics: @CloudExpo, Cloud Security, @ThingsExpo

@CloudExpo: Blog Post

The Answer to Shadow IT Is at Your Fingertips | @CloudExpo #Cloud

Shadow IT is used to describe information-technology systems and solutions built and used inside organizations

Buoyed by BYOD

Turn back the clock to 2008. The recession was in full swing and IT managers feeling the pinch decided to allow employees to use their own devices (in turn leading to the now ubiquitous term of bring your own device (BYOD)) to undertake their job, thus reducing capital expenditure and allowing IT managers to spend their budget elsewhere. Whether BYOD itself turned out to be good or bad is still a point of conjecture, especially when weighing up its benefits against potential security risks. What is true, however, is that it has played a big part in the current scourge of the IT Manager - Shadow IT.

If you haven't heard of the term Shadow IT yet, you will do soon. Shadow IT is used to describe information-technology systems and solutions built and used inside organisations without explicit organisational approval. It is also used, along with the term "Stealth IT", to describe solutions specified and deployed by departments other than the IT department.

Where the money goes

Staff often download and install applications to help them complete their work more effectively. New software can either help them become more efficient generally or it has become necessary to use the software due to client demands. For example, someone may install Skype because the client only wants to run conference calls via video. However, these employees may feel they cannot approach the IT department to install this software as there is too much red tape, and will be denied the request.

Gartner claims that Shadow IT regularly surpasses 30 per cent of a company's IT spend. According to Atos[1], 36 per cent of that money is being spent on file sharing software, 33 per cent on data archiving, 28 per cent on social tools and 27 per cent on analytics. The worrying primary reason for shadow IT is the IT department's inability to test and implement new capabilities and systems in a timely manner.

Pros and cons

There are undoubted benefits to Shadow IT. It lowers IT costs in a similar way to BYOD, increases flexibility, speeds up task completion and means the user isn't constantly banging on the IT admin's door. But there is a flipside. Shadow IT means no centralised IT oversight so an increase in organisational data silos, impeding cross-functional collaboration issues and increasing security risks. IT bosses are not left in the shadows, but completely in the dark on how securely corporate data is being accessed and shared by staff via unapproved application.

The security issue is unfortunately not only a critical one but a cultural one. When an employee casually uses an application such as Dropbox to transfer files there is likely to be little thought about the risk of potentially sensitive data - whether that is customer contact details, financial information or intellectual property - falling into the wrong hands. But the fallout could be catastrophic and lead to regulatory fines, customer distrust and reputational damage.

This scourge of shadow IT has been accelerated by cloud adoption and cloud-based file sharing. According to a recent survey conducted by Fruition Partners[2] of 100 UK CIOs, 84 per cent believe cloud adoption has reduced their organisation's control over IT, with a staggering nine in ten believing unsanctioned use of cloud services has created long-term security risks. Specifically, 60 per cent of respondents said there is an increasing culture of shadow IT in their organisations, with 79 per cent admitting that there are cloud services in use that their IT department is not aware of.

The perfect solution

When CIOs and IT managers search for additional security layers to protect sensitive data within an organisation, it is best to turn to technologies familiar to their staff. One perfect example is two factor authentication (2FA). The use of the technology has become widespread in the consumer realm, with consumers well versed in how to use 2FA and the importance of it to keep their own private data safe from prying eyes. The latest solutions incorporate near field communication (NFC) - used in Oyster Cards and by Apple Pay - allowing users to simply tap their smart devices to gain access to the information they need. Ironically, by installing an application all BYOD and work devices can be equipped with 2FA to ensure only authorised staff can use them.

While 2FA empowers users, CIOs and IT decision makers also benefit from a flexible solution that can be hosted how, where and when they prefer. 2FA is built to suit any business, as it supports both on premise and cloud hosting and management, making it a strong contender for any CIO changing their security systems. By using existing infrastructure, on premise deployment is often convenient, swift and straightforward, while cloud services are appropriately supported by the 2FA provider. This gives decision makers full control and flexibility over the solution, which can be rolled out to departments and employees at their discretion.

If you can't beat them, join them

Shadow IT is here to stay. IT departments need to appreciate that it is so culturally inbuilt that shutting it down is now impossible; in fact, policies punishing the use of third-party apps would more likely push rogue users deeper into the darkness. The battle that can be won is to better educate staff and make Shadow IT an integral part of the company's wider security awareness program. Some staff are aware of the problems, and will ignore them, but many just simply won't understand why what they are doing could affect the whole business.

The good news is that many of the popular shadow IT applications downloaded by staff - such as Dropbox, Skype and TeamViewer - already have the option for 2FA[3]. By not only adopting 2FA for all BYOD and work devices, but reminding users to add this layer of security to the applications they are using for their business dealings too, would give IT managers piece of mind and is the answer to Shadow IT that until now has itself resided in the shadows.


[1] http://atos.net/en-us/home/we-are/news/press-release/2015/pr-2015_03_26_...

[2] http://fp.fruitionpartners.com/category/white-papers/cio-survey-report

[3] https://twofactorauth.org/

More Stories By Steve Watts

Steve Watts is co-founder of SecurEnvoy. He brings 25 years’ of industry experience to his role at the helm of Sales & Marketing for SecurEnvoy. He founded the company with Andrew Kemshall in 2003 and still works tirelessly to grow the company in new and established markets. His particular value is market and partner strategy; having assisted in the development and design of the products, designed the pricing strategy and recurring revenue model that has been so key to the businesses growth and success.

Before starting SecurEnvoy, Steve was responsible for setting up nonstop IT, the UK’s first IT security reseller in 1994. Prior to setting out on his own, Steve worked as Sales Director at the networking and IT division of Comtec, and had started his career in office solution sales in 1986.

Outside of work, Steve is a keen rugby fan. He also enjoys sailing, mountain biking, golf and skiing

IoT & Smart Cities Stories
DXWordEXPO New York 2018, colocated with CloudEXPO New York 2018 will be held November 11-13, 2018, in New York City and will bring together Cloud Computing, FinTech and Blockchain, Digital Transformation, Big Data, Internet of Things, DevOps, AI, Machine Learning and WebRTC to one location.
The current age of digital transformation means that IT organizations must adapt their toolset to cover all digital experiences, beyond just the end users’. Today’s businesses can no longer focus solely on the digital interactions they manage with employees or customers; they must now contend with non-traditional factors. Whether it's the power of brand to make or break a company, the need to monitor across all locations 24/7, or the ability to proactively resolve issues, companies must adapt to...
René Bostic is the Technical VP of the IBM Cloud Unit in North America. Enjoying her career with IBM during the modern millennial technological era, she is an expert in cloud computing, DevOps and emerging cloud technologies such as Blockchain. Her strengths and core competencies include a proven record of accomplishments in consensus building at all levels to assess, plan, and implement enterprise and cloud computing solutions. René is a member of the Society of Women Engineers (SWE) and a m...
DXWorldEXPO LLC announced today that ICC-USA, a computer systems integrator and server manufacturing company focused on developing products and product appliances, will exhibit at the 22nd International CloudEXPO | DXWorldEXPO. DXWordEXPO New York 2018, colocated with CloudEXPO New York 2018 will be held November 11-13, 2018, in New York City. ICC is a computer systems integrator and server manufacturing company focused on developing products and product appliances to meet a wide range of ...
@DevOpsSummit at Cloud Expo, taking place November 12-13 in New York City, NY, is co-located with 22nd international CloudEXPO | first international DXWorldEXPO and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The widespread success of cloud computing is driving the DevOps revolution in enterprise IT. Now as never before, development teams must communicate and collaborate in a dynamic, 24/7/365 environment. There is no time t...
Founded in 2000, Chetu Inc. is a global provider of customized software development solutions and IT staff augmentation services for software technology providers. By providing clients with unparalleled niche technology expertise and industry experience, Chetu has become the premiere long-term, back-end software development partner for start-ups, SMBs, and Fortune 500 companies. Chetu is headquartered in Plantation, Florida, with thirteen offices throughout the U.S. and abroad.
DXWorldEXPO | CloudEXPO are the world's most influential, independent events where Cloud Computing was coined and where technology buyers and vendors meet to experience and discuss the big picture of Digital Transformation and all of the strategies, tactics, and tools they need to realize their goals. Sponsors of DXWorldEXPO | CloudEXPO benefit from unmatched branding, profile building and lead generation opportunities.
CloudEXPO New York 2018, colocated with DXWorldEXPO New York 2018 will be held November 11-13, 2018, in New York City and will bring together Cloud Computing, FinTech and Blockchain, Digital Transformation, Big Data, Internet of Things, DevOps, AI, Machine Learning and WebRTC to one location.
Disruption, Innovation, Artificial Intelligence and Machine Learning, Leadership and Management hear these words all day every day... lofty goals but how do we make it real? Add to that, that simply put, people don't like change. But what if we could implement and utilize these enterprise tools in a fast and "Non-Disruptive" way, enabling us to glean insights about our business, identify and reduce exposure, risk and liability, and secure business continuity?
SYS-CON Events announced today that DatacenterDynamics has been named “Media Sponsor” of SYS-CON's 18th International Cloud Expo, which will take place on June 7–9, 2016, at the Javits Center in New York City, NY. DatacenterDynamics is a brand of DCD Group, a global B2B media and publishing company that develops products to help senior professionals in the world's most ICT dependent organizations make risk-based infrastructure and capacity decisions.