The IT requirements of employees are clear: flexible, adaptable and tailored to the processes of the specialist departments. In many companies this requirement is met on their own initiative – past the official infrastructure this becomes an incalculable cost and security risk.
Anyone who discovers a tool that makes work easier is seldom in compliance with the rules and regulations of the IT department. With cloud services, an account is created quickly and colleagues are easily convinced. According to a survey by the Cloud Security Alliance, only 8% of the CIOs believe they know about the secret digital infrastructure in their company. This shadow IT, or Stealth IT as it is more aptly referred to, hides from the radar of IT managers. Eco, the Association for the Internet Economy, asked 580 experts from German medium-sized companies for its IT security report – the result is clear and worrying: three quarters of those surveyed assume that a shadow IT exists in their company. Nearly 25% fear a “considerable extent”.
Parallel structures as the sword of Damocles
It is not by chance that shadow IT is the subject of an IT security report: The direct advantages of the services that employees establish in parallel to the official structures quickly fade when looking at the risks. Unauthorized IT is impossible to secure and endangers business data and processes. A study commissioned by Tenable Network Security has shown that 38% of German companies have already lost data due to unauthorised hardware and software. Failures and associated costs are imminent. The hidden IT structures float above the company’s activities like a sword of Damocles. The great uncertainty regarding existence, extent and relevance leads to the fact that nobody can say how big and sharp this sword really is. The only way to control this risk is to reduce shadow IT. A heightened awareness of the causes is essential.
Shadow IT as an opportunity for transformation
The reasons why employees use unauthorized tools and cloud services lie often in the relationship to their own IT department. At the outset there is the desire for certain capabilities of the IT used – insufficient coordination, lack of know-how and rigid budgets often prevent this desire from being reflected in the official company IT. Cloud services play a special role here. For every problem, no matter how specific, there is a cloud solution somewhere. In an interview with Harmon.ie, 48% of the “knowledge workers” surveyed admitted using unauthorized cloud services. Most of the services used in this way lack management, security and compliance features. GDPR conformity is also missing. However, the development of shadow IT can certainly have a positive influence on motivation and innovation at this point. In this respect, IT managers should see it as an opportunity. Anyone who knows what the specialist departments consider important enough to implement without following the regulations will receive valuable information for the further development or even transformation of the digital infrastructure in the company.
The key to reducing shadow IT is proximity to the needs of users. Integrating shadow IT into the company’s IT management and close coordination between the business and IT departments is necessary to design a transformation that combines flexibility and user-friendliness with company policies and legal requirements.
At Meshcloud we are strongly dedicated to help companies avoid shadow IT, by reducing the complexity of their multi-cloud environments. The Meshcloud platform provides a single pane of glass to support seamless use of multiple cloud platforms without vendor lock-in or loss of efficiency. We streamline processes by providing self-service-access to developers as well as transparency and cost control to IT leaders.