Shadow IT – 4 Tips To Avoid The Dangers

What Is The Shadow IT Definition?

Shadow IT is where employees take it upon themselves to find and pay for unauthorised purchases of Technology Supplies and solutions that they feel they need.

When this involves cloud or other applications that can link their organisation to the wider web it creates opportunities for attackers to steal data from online services that IT is not aware of.

However, just from a pure procurement perspective it is very bad practice, as it leads to:

a) Poor value for money

b) Higher commercial risk from using unapproved suppliers

c) Introduction of products not in line with IT strategy

Organisations of all sizes are already having to cope with IT Inflation so they definitely do not need to incur additional costs through Shadow IT purchases.

Untrained and inexperienced personnel buying IT products will be totally unaware of the tactics the supply chain uses to inflate pricing.

A couple of Shadow IT examples are as follows:

* Storage Media

* Printers & other Document Machines

A full list of all potential IT products that could be affected by this practice are listed HERE

Shadow IT applications and cloud-based services can include Slack, Trello as well Gmail an Dropbox,

So what can you do to stop instances of Shadow IT and prevent your users from going maverick?

Here are a few simple ideas:

1. Communicate effectively with staff

It is important to listen to your users, as they might face challenges you are unaware of.

Talk about their needs to identify gaps in your application portfolio that need plugging.

The communication has to be a two way process so educate staff in the dangers from Shadow IT.

Demonstrate the additional costs that can be incurred and how they affect the profitability of the organisation.

Explain the Shadow IT security risks that are created when they make independent purchases.

Most staff believe that they are helping by doing their own thing but once they understand the implications of Shadow IT they will stop.

2. Make staff aware of the resources they already have

Everyone is so busy that there are real dangers that staff are not onboarded throughly and so remain unaware of all the resources that are available to them so that they can do their job effectively.

Many companies buy online productivity software services but then fail to follow through with sufficient training.

Ensure staff know about all applications and their features. Not only can it prevent Shadow IT but it can result in higher levels of productivity.

Highlight examples of Shadow IT.

These can include every day items such as cables & adapters but unless users are fully informed maverick purchases will continue.

3. Embrace low/no code technology

Low-code and no-code development platforms are tools for people who either do not know how to code or have no time to code.

Whereas these low-code and no-code frameworks are built on actual coding languages like PHP, Python, and Java, end users are not concerned with the specifics.

WordPress is a well known example.

Developing internal tools via Low-code or no-code tools could be an option to fill some gaps.

While this can help prevent them going outside of the organisation and purchasing Shadow IT there must be internal controls as well.

It is important that you create standards and governance programs to help them produce quality programs that they can share.

4. Watch your infrastructure

One very useful tool in trying to manage and negate Shadow IT is to empower the users.

However, it is equally critical that they are not left to their own devices and that they are constantly monitored as well.

Carry out a regular examination of your network traffic to identify programs potentially reaching out to locations that are operated by unauthorised services.

Google.com is likely to be safe and sound but dimitri-sneaky-crypto-file-cloud.cz could prove to provide a few nasty surprises.

It is recommended that you carry out regular audits of endpoint devices to identify all the applications that have been installed.

It will be comforting to learn that there are tools readily available to do this.

Take a look at Microsoft’s Discover and manage shadow IT ebook for an explanation of how to track down rogue services.

Empowering users is a weapon against shadow IT, but it must be monitored.

These are just a few brief points but we hope they help and ensure you remain productive, keep your infrastructure secure and also in budget.

Many Thanks

Neil

Why don’t you take time to learn how our AUTOMATED service can deliver value from your Tech supply chain HERE

Image credit: IT Security Guru

Contract Management – 8 Critical Points For Success

Contract Management - A Definition Contract management is the process of overseeing and administering the various stages of a contract, from creation to execution and beyond. It involves ensuring that all parties involved fulfil their obligations and that the...

Disaster Recovery Plan – 13 Critical Steps You Cannot Avoid

Disaster Recovery Plan - A Definition A disaster recovery plan is a documented and strategic approach that organisations follow to restore normal operations after a natural or man-made disaster. I can also be described as a business continuity plan and it...

Maverick Spend – Discover 7 Top Tips & Reap The Benefits

Maverick spending, also known as rogue spending or maverick buying, is a term used to describe purchases made within an organisation that do not comply with established procurement policies and processes. While it is not always the case these transactions are usually...

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.