Our physical bodies are creatures of habit. It expects us to do keep the same routine on a daily basis. The same is even true of our mental psyche. Even our minds come for us to expect to stick to the same schedule, and to even use the same items, both on a personal and even professional level. Probably one of the best examples is how we use our computer, workstation, or wireless devices.
For example, we have the kinds and types of applications that we have become accustomed to using daily. Whether it be using the same Microsoft Office Suite, or even mobile apps on our smartphone, we like what we have, and we do not want to change. But then suddenly, when we are forced (well at least, required to in the workplace) to use a brand-new software application that we have never used before, we simply resist.
The primary reason for this is that it is at first glance it is completely alien to us, and we simply do not want to come out of our comfort zones to attempt to even try to learn it. We feel that it will decrease our productivity, and we know what works best for us. For instance, when the IT department where we work at makes us some another software application that we are not used to, we try to, behind the scenes try to use something else that we are very familiar with.
To illustrate, let us assume that the IT department wants us to use Microsoft OneShare going forward to back up our work-related files going forward. Well, if you have never used it before, there can be a little bit of a learning curve, and because of that, we resist to using it. Instead, we want to use something else that we have had for a long time, such as Dropbox.
While doing this might seem advantageous to us, but in the long run, it can cause serious security risks to the company that we are currently working for. This is the focal point of this article series.
What is Shadow IT?
The phenomenon just described above is known technically as “Shadow IT”. Specifically, it can be defined as follows:
“Shadow IT is the use of information technology systems, devices, software, applications, and services without explicit IT department approval. It has grown exponentially in recent years with the adoption of Cloud-based applications and services.
While Shadow IT can improve employee productivity and drive innovation, it can also introduce serious security risks to your organisation through data leaks, potential compliance violations, and more.” (SOURCE: 1).
So, why do employees still engage in this kind of activity? Apart from the “Creatures of Habit” syndrome described in the last section; employees are also simply overburdened with the entire plethora of applications that are mandated by their employer that they must use in order to accomplish their daily job tasks. Consider some of these statistics, according to a recent market research survey conducted by Skyhigh Networks:
- The average employee makes use of at least 16.8 mandated Cloud-based services;
- They also make use of 2.9 required content sharing services;
- They are required to use at least 2.8 collaboration services;
- They must use at least 2.6 social media services;
- Finally, the average employee utilises on average at least 1.3 file sharing services. (SOURCE: 2).
As a result, whenever the IT department adds on more to this list (especially given the constant explosion of new Cloud-based applications), the employee simply feels even more overwhelmed in the fear and anxiety that they will have to learn something new, which in turn will decrease their productivity levels, and could even lead to some repercussions on future employment. But apart from this, many employees simply feel that they are not getting the training they need in order to effectively learn any new, mandated software applications.
Employees want to use the software applications that they are completely accustomed to, for the pure reason to make their jobs easier, so that they can get their specific tasks done, and of course, look competent and knowledgeable in front of their direct manager. Also, employees get very discouraged when they feel that their IT department is too slow to respond to their needs, especially when it comes to solving any technical support issues in fixing the new software application, if any glitches should occur.
So, it all goes back to the thinking of: “Why should I use this new software application when nobody is supporting me in learning how to use it or even fix it? It is only going to waste my time. I am going to use something that I know will let me get my job done on time.”
Another factor that is influencing Shadow IT is that we simply live in a society and culture that demands to have everything right now, and right here, at this very moment. This is ever so true in the workplace. With the gargantuan advances in technology that are taking place in Corporate America today, upper management and the C-Suite are placing even further demands upon the productivity of their employees.
For example, if a CISO demands a threat spreadsheet from their security manager in just a two hour timespan, do you think that they will use the newest software application that they are still learning to use, or will they use something that he or she has used day in day out, such as Microsoft Excel? Most likely, they will use the latter.
Given all these factors, the trend of Shadow Management is only expected to proliferate. Consider some of these statistics:
- According to a recent study conducted by IBM, 33% of the Fortune 1,000 companies currently engage in some sort of Shadow IT; (SOURCE: 3).
- According to a specialised CIO report, 83% of the CISOs were completely unaware that Shadow Management was even occurring at their place of business or corporation. (SOURCE: 4).
Our next article will examine the specific types of Shadow IT that your business needs to be aware of.
Ravi Das is a Cybersecurity Consultant and Business Development Specialist. He also does Cybersecurity Consulting through his private practice, RaviDas Tech, Inc. He also possesses the Certified in Cybersecurity (CC) cert from the ISC2.