Shadow IT - no chance for the dark side

Shadow IT is considered a current security trend. Although it is widespread, it is given little consideration in many companies. One reason for this seems to be that the potential impact of shadow IT is considered low, as studies by the University of Applied Sciences in Konstanz show. This can have dangerous consequences. Yet it is not witchcraft to eliminate the dangers.

A first important step is to create awareness. It is important to understand the topic in its entire meaning. This starts with the term.

Shadow IT - definition and examples

Shadow IT refers to devices and tools that are used without the knowledge, approval and thus support of the IT department. This can involve hardware such as a private smartphone that an employee uses to access or edit company data. After all, bring your own device is a common practice in everyday work. But it also includes bring-your-own software. This is when employees use tools they have selected themselves, for example from the cloud, to perform tasks as part of their work for the company. In short, there are many examples of shadow IT.

Causes for shadow IT

It is equally important to understand that there is no malicious intent underlying this type of approach per se. The employees who use "their own" solutions are almost always highly motivated and see their approach as the best way to complete their tasks. Often, the company does not provide them with suitable and attractive options because, for example, it uses outdated solutions. This is confirmed by the work of the Konstanz University of Applied Sciences. It states, "A key driver of shadow IT is poor alignment between business and IT." The increased organizational distance between the two organizational units increases the probability of the emergence of shadow IT. In addition, practical experience shows that even with good alignment, shadow IT can arise if the business unit feels that its own implementation is faster.

Users are often neither aware of the risks nor the dangers posed by shadow IT - as are decision-makers and IT managers, who are not infrequently even grateful that employees take care of things themselves and are spared the effort and high costs of procuring and implementing IT. But these are misconceptions.

Vulnerabilities and risks

"By definition, shadow IT gives rise to numerous risks," says Konstanz University of Applied Sciences. This applies in particular to data security, data protection and compliance. In many cases, there is no analysis of data that needs to be protected, which means that data protection concepts can be inadequate. In addition, often neither sufficient tests are carried out nor documentation created. As a result, errors can occur in the applications. In addition, shadow IT is user-centric. This can lead to non-transparent solutions, failure risks and dependencies on individuals. Last but not least, an unnecessarily large number of different solutions are often used that are not connected via interfaces, so that data silos are created and automation that really creates efficiency and increases productivity is not possible.

Just how great the dangers and risks are becomes clear when we take a closer look at the prevalence and relevance of shadow IT. The Konstanz University of Applied Sciences found that around 55 percent of the relevant systems found were process-relevant, i.e. the execution of the process was dependent on the functionality of the shadow IT. Slightly more than a third of the shadow IT even concerned processes "that were critical to the companies' business models." The rest of the shadow IT was process-related. A recent study by research firm Gartner shows that 41 percent of employees create technology or analytics functions for internal or external business purposes and reporting outside of IT departments.

Shadow IT takes away the attractiveness

Anyone who wants to reduce or even eliminate this type of IT cannot avoid taking the requirements of users seriously and considering them accordingly. This works best when those responsible in the business departments are brought on board. Their arguments must then be reconciled with those of the IT department and solutions created that both make work easier and are secure.

A good foundation: Google Workspace. The product combines all common office applications under one interface. The range extends from e-mails to document processing and video conferencing software to calendars. In addition, more than 5,000 third-party applications can be integrated, for example for digital signatures or customer relationship management. Google supports Cloud Identity, so users have to authenticate with their Google account via one of the protocols such as SAML, oAuth, S-LDAP, etc. This creates transparency. This creates transparency. At the same time, users can easily and securely access the solutions they need via the web browser and collaborate with colleagues and business partners regardless of location and device.

With the added option of centralized management, IT has everything under control. Whether it's the use of smartphones or onboarding and offboarding - with little effort, authorizations to access business-critical data as well as applications can be granted, revoked and secure use ensured. One example of this is mobile device management. In addition, administrators can configure numerous required functions individually. If employees are also trained to use the tools correctly and made aware of the risks that unauthorized use can pose, there is no longer a dark corner for shadow IT.

So light up your entire IT landscape! We would be happy to accompany you in this process. We analyze the processes and tools used, advise you on the migration to Google Workspace, support you in the implementation and in the further development of your IT environment.