Shadow IT sounds malicious. But for once we’re not talking about criminal activity, but instead, the actions of often well-meaning employees.
Cloud services are those internet-based services to which we can upload data – think Dropbox, social media and webmail. Employees may be using these services for personal reasons, on their work computers, without realising that they’re doing anything wrong. They could be tempting a data breach.
It’s also quite possible that staff are using these cloud services for company business, finding a way to circumnavigate what they see as cumbersome applications and procedures. But whatever their motives, they are putting the business at risk. And now that more workers are temporarily home-based the risks are even greater.
It’s so tempting to use a cloud service that does the job quickly and easily, even if it’s not approved by the management. Think of the employee who wants to quickly transfer files to a supplier, but doesn’t want to ‘waste time’ following the correct procedure. Setting up a Dropbox folder within their personal account only takes minutes, the supplier has what they need – job done! But in doing so potentially sensitive information is now stored outside of the organisation. Whilst most files contained in this way may not pose a threat, some may. It’s quite possible that customer data is contained within files; a clear breach of data protection. If data gets into the wrong hands not only could the business face hefty fines for loss of data, but reputational damage may have long-term consequences.
Cloud-based CRM systems are another common example of platforms that provide the potential for large-scale data breaches. Marketing departments go rogue, installing their own system without the knowledge of the management, and a host of sensitive information is contained within it.
For businesses that want to remain safe, efficient, reputable, and the right side of the law it’s vital that Shadow IT is recognised and dealt with.
Staff need to understand the risks that they’re taking if they use cloud services that haven’t been approved by the business. Equally, they need to feel confident to tell management what they need to do their job efficiently. And management need to recognise the needs of their teams – if they don’t, they risk an array of unapproved cloud services being used for company business.