If you bring up the topic of “shadow IT” to your head of IT, you will likely get a lecture about how employees need to follow protocol when using cloud cloud services so they don’t put the organization at risk. They’re not wrong. Without proper protection, unsanctioned tools can have significant consequences and unintentionally introduce security gaps.
But times have also changed. As Gartner defines it, “shadow IT refers to IT devices, software and services outside the ownership or control of IT organizations.” With everyone suddenly working away from the office, many aspects of everyday work can now fall under those categories. From our home Wi-Fi network to the personal smartphones or tablets we use for work, they are all outside the control of your IT team.
Shadow IT now has a mobile twist
As I write about shadow IT, you’re probably thinking about classic examples related to an office environment. Maybe someone on your marketing, after failing to get IT to set up an internal server for a new software, privately bought cloud computing and storage to stand up new services more quickly. On a more everyday basis, it’s not uncommon for someone to email documents from their locked down work laptop to their personal device so they can print out documents without restrictions.
The reality is productivity has changed, and your IT team does not have ownership of many aspects of the digital workplace. Your employees no longer work in an office, which means your perimeter-based security is obsolete. They are also likely using their personal smartphones and tablets more so they can stay productive while at home.
Here’s an example of how work has changed over the past few months. I recently had a conversation with one of our customers whose company is in retail. They told me a story of how their employees organically and unbeknownst to them started using WhatsApp on their tablets and smartphones to contact clients and keep sales going.
This is a classic case of shadow IT but with a mobile twist. To ensure they stay productive, workers started using unauthorized personal devices to send and receive potentially sensitive private and financial information on an unapproved messaging app. Even with the app having end-to-end encryption, these employees now carry sensitive information on their personal devices. Let’s not forget that most of them are also not working within the protective perimeter of their organization’s workspace.
Luckily, they are a client of ours and had full visibility into mobile threats. But this situation demonstrates how mobile devices and remote work have created an environment where shadow IT solutions could become the way workers prefer to stay productive. Without visibility, you have no control.
You need a new security strategy
In the strictest sense, we’re all likely operating a shadow IT operation right now. As we continue to work from home, each of us is using networks that our IT teams have no control over. We are also increasingly using smartphones, tablets and Chromebooks to ensure we stay productive – many of them personal devices and not issued by IT.
I think this is a great opportunity for you to rethink your organization’s security strategy and how you enable productivity. The reason shadow IT exists is due to people’s desires to stay productive. By using their personal mobile devices, your employees are finding ways to get their work done while also staying on top of their personal responsibilities. With the proper security in place, you can grant your workers the flexibility they need for productivity while also keeping your organization safe.
To learn more about how to properly secure your remote workers, you should check out our remote workforce page.