A term that you may have heard used a few times may not make complete sense, so;

What is Shadow IT?

The term Shadow IT or Stealth IT is used to represent the implementation or usage of IT services that have not been officially created or deployed by the IT department. The service or software may be free, but most likely it has been paid for with a corporate credit card that is then claimed back as an expense. Cloud services are so easy to purchase and consume, that there is a temptation by managers to just go and subscribe to a low cost service that seems to meet all of the needs that IT have not provided. Sometimes these can be hard to find, as Cloud services often just use port 80 or 443, which will largely be undetectable.

Examples of Stealth IT are;

  • Cloud application services, such as SalesForce, Cloud9, NeutronIDE,
  • Cloud storage services such as DropBox/Box/OneDrive/Google Drive and iCloud
  • Communication and chat platforms such as MSN, Skype, GoToMeeting, Webex, Slack etc.
  • Marketing services such as Mail Chimp, ActiveCampaign, Survey Monkey
  • PDF creators like CutePDF, PDF creator or Adobe PDF Creator
  • Content indexers like Copernic, Ultra Search, Agent Ransack
  • Note taking tools like OneNote, EverNote, Wunderlist

Unexpected examples of Shadow IT are;

  • Excel workbooks, and Excel macros
  • Access databases
  • Word macros
  • Email services like Hotmail, Live, Yahoo, Gmail
  • Encryption tools like TrueCrypt
  • File compression utilities like 7Zip, unRAR, jZip, Unzipper
  • USB drives and local storage – including even storage in personal network drives
READ ARTICLE:   Creating vSphere SSO groups

It is now commonly accepted that there is Stealth IT in every organisation in some form. In a study performed by Code42, it found that 75 percent of CEOs, and also more than 50% of other executives, have admitted that they themselves are using applications that are not approved by their IT department. This risks company data and productivity – and if executives and CEOs are doing it, then there is pretty much a guarantee that the rest of the organisation are doing it too!

The impact on businesses can include;

  • Silo’d data – information stored in external sources, or only accessible to a few
  • Not being backed up – resulting in information loss
  • Only the user of the system knows where the data is, and how to access it.
  • Higher risk of data leakage and disclosure – not always malicious, but can also lead to lack of compliance with the law
  • Lower appreciation of the IT department – when the Shadow IT service is better than what IT provides, who are you going to trust?
  • Wasted time – with different and non-integrated systems, where processes are not consistent, where interaction between teams needs new software or accounts, or data conversion.
  • Inconsistent business logic – if it’s not centrally controlled, then the lore of the team (or the manager’s opinion) gets implemented, sometimes not in the direction of the business
  • No integrated authentication or auditing or control of access – IT departments control who has access to data, and audit the access, but if they lose control, who can see the data?
READ ARTICLE:   Replacing old Infrastructure - a step by step guide

Related posts:

Digital Transformation and People
Save Money - by buying more disk
9 big mistakes in disaster recovery planning (DRP)
Tricks for a faster P2v
Share this knowledge