March 30, 2017 By Mike Spradbery 2 min read

Shadow IT is still a challenge for organizations. With the constant introduction of new productivity and communication tools, as well as the adoption and evolution of existing services, users are more inclined to collaborate outside of IT-sanctioned applications. It is often easier to share information using one of the apps already integrated on our phones than it is to upload it to a corporate system. But this can be risky.

Scared of Your Own Shadow?

Using a public cloud service to share what may seem like a mundane photo of a whiteboard covered in sticky notes, for example, could result in a company’s next wave of innovative ideas being stored in an insecure manner. Add to this risk the challenges of compliance and auditing, and shadow IT can become a big problem.

But unsanctioned cloud apps do enable users to be more efficient, which presents two problems. First, attempting to block access to unsanctioned services is a poor a long-term solution because people will find ways around whatever barriers you put in place. Secondly, we want our users to be efficient, and that may mean leveraging some of these cloud apps.

Building a Successful Shadow IT Strategy

It is important for IT leaders to be realistic about shadow IT, which includes everything from cloud services to bring-your-own-apps for mobile devices. It’s impossible to completely control what users are doing, but a successful strategy should include these three critical steps:

  1. Educate users on how to handle corporate data. Make sure they understand the risks of using public shared services and their responsibility to ensure that confidential, valuable or personally identifiable information (PII) is stored properly.
  2. Provide users with the tools they need. By offering a range of high-quality, approved apps, you decrease the need for users to look elsewhere.
  3. Monitor what’s going on in your organization. You need to have visibility into what services are being used, by whom, how often, for what sorts of data and how much it costs. Control access to insecure services and learn what users really need by looking at demand.

As users become increasingly tech-savvy, shadow IT will continue to exist. The potential risks can be managed with good education, alternative tooling and careful monitoring.

Learn more about IBM Cloud App Analytics

More from Cloud Security

Autonomous security for cloud in AWS: Harnessing the power of AI for a secure future

3 min read - As the digital world evolves, businesses increasingly rely on cloud solutions to store data, run operations and manage applications. However, with this growth comes the challenge of ensuring that cloud environments remain secure and compliant with ever-changing regulations. This is where the idea of autonomous security for cloud (ASC) comes into play.Security and compliance aren't just technical buzzwords; they are crucial for businesses of all sizes. With data breaches and cyber threats on the rise, having systems that ensure your…

Risk, reward and reality: Has enterprise perception of the public cloud changed?

4 min read - Public clouds now form the bulk of enterprise IT environments. According to 2024 Statista data, 73% of enterprises use a hybrid cloud model, 14% use multiple public clouds and 10% use a single public cloud solution. Multiple and single private clouds make up the remaining 3%.With enterprises historically reticent to adopt public clouds, adoption data seems to indicate a shift in perception. Perhaps enterprise efforts have finally moved away from reducing risk to prioritizing the potential rewards of public cloud…

AI-driven compliance: The key to cloud security

3 min read - The growth of cloud computing continues unabated, but it has also created security challenges. The acceleration of cloud adoption has created greater complexity, with limited cloud technical expertise available in the market, an explosion in connected and Internet of Things (IoT) devices and a growing need for multi-cloud environments. When organizations migrate to the cloud, there is a likelihood of data security problems given that many applications are not secure by design. When these applications migrate to cloud-native systems, mistakes in configuration…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today