- Security TWENTY
- Women in Security
Shadow IT is a very real issue facing businesses of all sizes; it encompasses every aspect of a business, writes David Meyer, VP of product at OneLogin, a San Francisco-based Identity Access Management (IAM) product company.
This includes day-to-day processes employees use to complete tasks right through to the management of IT systems. Gartner expects that by 2016, 35 per cent of enterprise IT expenditure will go on shadow IT resources. While organisations are aware of the trend, they often don’t appreciate the scale of it.
With the vast volume and variety of applications that are working their way into the IT ecosystem, businesses and their IT departments are overwhelmed. Cloud applications have become so easily accessible (all workers need is a credit card), the IT department is often ignorant of their existence. In fact, as little as 8 per cent of both small and large IT companies can say they have a good understanding of the number of unmanaged cloud apps used internally by their organisation. More apps expose more data, and the IT department struggles to remain compliant. Although the desire to control applications is not going to disappear any time soon, it shouldn’t restrict the innovation shadow IT presents to organisations willing to embrace it.
There is a question here of innovation versus risk. As the ‘millennials’ begin to enter the workforce, they bring high expectations for their working environment. Today there is a huge gap between what they expect and what they get. To attract and retain tomorrow’s workforce, organisations must adopt innovative technologies which support mobile working. By allowing loosely managed innovation, new solutions that will benefit the wider business can be found.
The reality is employees like open ways of working because it enables them to do their jobs quicker, more competitively and with better results. However with every staff member from HR to marketing working independently from the IT department and using various applications, to store, sync and share content, the company incurs extra risks. Shadow IT can become a security nightmare. So how can IT empower the business while protecting corporate data?
In order to bring down the defensive barriers and take the worry out of embracing new applications, the IT department should embrace solutions such as IDaaS, multi-factor authentication and user provisioning, which will allow them to keep the benefits but eliminate the risk. Allowing employees to freely use applications not only minimises the drain on IT resources but increases productivity and employee engagement, which helps the business, and also helps the business compete for talent.
With this in mind, organisations must ensure they embrace the many beneficial aspects of shadow IT (empowering employees), while empowering IT teams to ensure these new systems are secure and compliant. With systems such as Identity and Access Management in place, harmony can be achieved between these needs, combining business speed with operational excellence.