The solution is to change the nature of the conversation between IT and employees. IT needs to recognise that unauthorised applications can add significant value to the organisation; otherwise, employees would not willingly violate company policies in order to use them. Instead of blocking these applications, IT can work together with the business to assess how the applications can be introduced and safely-enabled into the workplace.
To do this, IT needs to understand what users are already doing on the network, and sharing this information with senior administrators. From here, they can start a conversation about which unauthorised applications are in fact necessary and even needed by the business.
So how relevant is Shadow IT to the Bring Your Own Device (BYOD) trend?
The trend of BYOD is becoming more common in Asia. With an increasing number of people mixing personal and work tasks on the same device, Shadow IT becomes a key consideration for enterprises.
The problem comes from a high number of installed apps on these devices, of which some may not come from official app stores. This increases the chances that they contain malicious codes for illegal access to the network.
Palo Alto Networks commissioned a study last year which highlighted some of these risks. The 2014 Application Usage and Threat Report found many cases where cyber threats were hiding in 'plain sight', using applications like Skype and Dropbox as infiltration vectors to gain access to the network. The study emphasised the need for tougher BYOD policies and for security solutions which provide full visibility on the network.
Can you provide some insights to the key challenges of Shadow IT, as well as the risks it poses to an organisation?
The key challenge of Shadow IT stems from the difficulty of knowing which devices and applications are connected to the network.
Like BYOD, Shadow IT exposes organisations to security threats, as employees go around the company's security framework. Most employees install and use applications, such as Dropbox, hoping to streamline their work processes. However, they may be exposing their organisation to the threat of cybercrime.
In a large corporation that has hundreds of employees, it is hard to keep track of all the devices and applications. Amidst the clutter, organisations may lose the ability to control data flowing to those services, compromising the company's security.
On the flipside, what are some advantages of Shadow IT? How does it stand to benefit organisations?
Despite the risks that come with Shadow IT, it can help to increase productivity in the workplace.
Employees often turn to work and productivity applications online to streamline processes and reduce task durations. Organisations can leverage this by monitoring and identifying the applications being used. Talking to employees to understand their reasons for using such applications can help enhance their IT infrastructure.
Sign up for CIO Asia eNewsletters.