Why “shadow IT” practices are on the rise and why they’re a big problem.
Experts agree that 2024 will be the year that AI invades and transforms work as we know it. With this increase, cyber threats are on the rise as employees make common cybersecurity mistakes as remote work becomes the new norm. One such mistake is the rise of a new trend known as “shadow IT.” This is the unauthorized use of IT systems, hardware, software or services without the approval of the central IT department.
“Shadow IT” refers to the use of unauthorized tools to access, store, or share corporate data, or the unauthorized access of authorized tools by employees. The recent explosion in popularity of generative AI applications like ChatGPT has led to an increase in shadow AI, which is an unauthorized use of artificial intelligence.
Advantages and disadvantages of “Shadow IT”
According to one study, 80% of corporate employees have adopted “shadow IT” for convenience and productivity. They feel they can work more efficiently or effectively using their personal devices and preferred software instead of company-sanctioned IT resources.
To learn more about this phenomenon, I spoke to Kirimgerai Kirimuri, president of Flatiron Software. According to him, this phenomenon occurs when an employee chooses an easier fix than the company’s rules and uses his computer hardware or software without the knowledge or permission of his team. I asked Mr. Kilimuri why his employees resort to such discreet behavior. “We’ve seen employees unknowingly use their personal email to create accounts or sign up for services to speed up the process,” he says. . “But when they leave, they need help accessing those accounts, which delays projects.”
I also spoke via email with Christopher Budd, director of threat intelligence at Sophos Cybersecurity. He gave us several reasons why employees choose this. “One of the reasons for this, he said, is the perception that IT is ‘out of touch’ and not meeting the specific needs of individuals and organizations. Another reason could be familiarity. The individual or organization may be more familiar and familiar with the application than the one chosen by her central IT department. Another reason may be a manifestation of the “early adopter” syndrome, where individuals or organizations want to adopt new technologies faster than the formal IT group. ”
“Employees are looking for unapproved software to make their jobs easier, more efficient, better, or all three,” says Uzi, WalkMe’s chief information officer. Dvir said. He argues that companies should want their employees to work better and faster, and that there are undeniable benefits for both employers and employees from using these apps. “However, the fact that employees have to discover and use unapproved software at their own risk means that they feel something is missing from the technology tools provided. ” he added.
Kirimuri agrees that while this trend may seem beneficial on the surface, there are downsides. “While ‘shadow IT’ may seem like an easy solution to get projects done faster, its drawbacks are too significant to ignore,” he asserts. “Security standards are being violated, account recovery is a nightmare, and company resources are being utilized inefficiently.”
Christopher Budd agrees and says that from a risk management perspective, the risks are very high and the returns are negligible. “‘Shadow IT’ has no real benefits, and at best illusory benefits,” he argues. “The drawbacks are obvious and huge: Data is stored in locations that businesses don’t know about. Applications are used that have not been vetted for security, privacy, and compliance. Data can become more easily lost or stolen. There is a high risk of downloading malicious, Trojan-laden, or fake applications.Without professional IT support, the risk of mistakes and errors leading to data loss is high. These are just some of the risks, there are many more.
“Convenience is the main reason why shadow IT occurs,” says Vineet Jain, co-founder and CEO of Silicon Valley data security startup Egnyte. “Employees may use unapproved apps and services to make their lives easier, regardless of whether their employer approves the use of those apps or services. For example, in the early 2000s. , cloud technology has become more mainstream as a way for employees to access the same files and services from any device, and to share heavy files that cannot be attached to email. Before that, employees bypassed IT and used software of their own choice to access the cloud. Cloud eventually became very mainstream and an enterprise endeavor.”
“Shadow IT risks have evolved with the humanization of IT,” said Nicolas Desmarais, Chairman and CEO of AppDirect. He believes that the introduction of AI will completely expand the entire problem. “Employees are not only using unlicensed technology in their departments, but they are also now uploading sensitive company information to publicly available AI tools and training large language models daily without regulation. ” he reveals. “Platforms such as Procurement Marketplace, where IT departments can manage and monitor employees’ use of AI and technology services, move the discussion from enforcing failing IT to enabling future IT.” It will help you transition.”
How to regulate “shadow IT”
“Shadow IT” and “Shadow AI” are both a growing problem because they are invisible, with very real consequences. Kirimuri went on to say that “shadow IT” has become a more significant issue as teams purchase hardware and software without involving the IT department, leading to non-compliance with safety standards and vulnerability to hacking. He explained that it was a possibility. “Alternatively, the department may abandon the hardware, and IT must step in and reuse it to make better use of company resources,” he advises.
Dvir pointed out that it’s impossible to fully secure what you can’t see, and to provide the safest way for employees to use these tools, IT departments must We recommend that you first need to visualize the true user behavior of your employees. “The goal is to increase efficiency while minimizing risk. Fortunately, the right AI-based digital adoption platform (DAP) can help IT professionals bring “shadow IT” and “shadow AI” out of the shadows. It should provide this functionality that can be brought to light. ”
The answer to “shadow IT” is not to find a way to eliminate it, but to find a way to give employees the resources they need to achieve business goals quickly and at scale. Dvir suggested that IT departments need to step up, saying: “IT departments have a responsibility to not only provide employees with the right technical tools to do their best work in the most efficient way possible, but also to understand the true context of the company.”Team Applications and systems in which members are involved. Visibility is key to controlling the huge threat of “Shadow IT” and the rapidly growing “Shadow AI.” ”
