Previously in this blog, we discussed some of the basics of shadow IT, including what it is, why enterprise end users adopt it, and what risks it can create.
Unfortunately for many businesses, getting control of their employees’ vast shadow IT environment can be a challenge. Cloud applications pop up like the titular moles in “Whack-A-Mole”: everywhere and all the time.
How does shadow IT get so big? Let’s take a moment to look at how it starts.
Every business’s shadow IT story starts with one employee. Perhaps that employee is on a tight deadline and needs to quickly transfer a large file. Unfortunately, the file is too large for email. The employee’s only other option for rapid file transfer is to put the file in a shared drive, but maybe they’re not at the office or able to access the VPN, or maybe the person who needs the file can’t access that shared drive.
What can they do?
The employee will find a way. Most likely, they’ll create an account on a free file sharing service and upload the file there. And so it begins.
Meanwhile, in a different line of business, another employee is onsite at a client’s office and urgently needs some documents. They get in touch with a coworker and request that the coworker share the files with them via yet another third-party file sharing service, on which they already have a personal account. And so another instance of shadow IT is provisioned.
These scenarios and others like them play out over the coming weeks and months, with employees utilizing cloud applications whenever they find it more convenient than corporate solutions. Gradually, shadow IT proliferates all over the enterprise. The most popular consumer-facing cloud apps are free and typically fast and easy to set up, making them seem an ideal quick fix for a pressing situation.
The situation is already alarming enough, but wait! There’s more. In many cases of self-service shadow IT provisioning, end users create accounts on third-party cloud apps for an immediately pressing project or task. As time goes by, however, they forget what accounts they’ve created, what their credentials are, what files they’ve stored or shared on those services, and with whom they’ve shared the data. Corporate data—some of it perhaps sensitive or regulated—floats around unaccounted-for in the cloud, and next time those employees need to share a file with an outside party or want to store something for easy access away from the office, they create yet more cloud application accounts. And thus the shadow IT monster grows.
When you consider all the variations of this scenario playing out across every business, it should come as no surprise that when we work with companies to perform their initial cloud application discovery and risk assessment, we often find their users are accessing hundreds of unsanctioned cloud applications, and half or more of those are often in a single category, such as file sync and share.
The challenges of shadow IT continue to grow and to threaten businesses’ control of and visibility into their data. As a result, businesses must address shadow IT in order to manage and protect their cloud environment, lower their risks, and, ultimately, consolidate their users on a single, sanctioned version of file sync and share or other cloud applications that end users require to perform their jobs.
What’s the worst case of shadow IT you’ve seen? Tell us about it in the comments.