Shadow IT, also known as client IT or stealth IT, refers to information technology solutions and systems that are developed and used within organizations without explicit approval from the organization. This usually means information technology solutions that are developed and deployed outside of and without the knowledge of the IT department.
Shadow IT is often considered to be an important source of innovation, and shadow IT systems can sometimes become prototypes for approved IT systems in the future. However, shadow IT solutions are often out of step with the organization’s requirements for control, documentation, reliability, and security. Some of the other risks involved in shadow IT include hidden costs, inconsistencies with business logic, inconsistencies with business processes and methodology, inefficiencies, a higher risk of data loss, the creation of a dysfunctional environment, and a negative effect on an organization’s actual IT department. The use of shadow IT can sometimes be a wasted investment and result in non-IT workers wasting their time trying to set up and manage software systems without the proper knowledge.
This whitepaper explains how companies can set out to understand the extent of shadow IT in their business, particularly in regards to cloud computing. It shows how businesses can start managing the trend, deal with the security risks that come with it, and also give employees the ability to continue working in the ways they best see fit.
This whitepaper explains some of the risks involved in shadow IT, such as backup and recovery systems that aren’t up to organizational standards, non-compliance with regulations, lax authentication requirements, encrypted connections to services and data storage, legal issues surrounding the ownership of data in a cloud service, and the unwitting sharing of sensitive information through public links. Businesses can learn how to handle these security issues and protect their company without snuffing out the innovation that shadow IT provides.
