March 30, 2017 By Mike Spradbery 2 min read

Shadow IT is still a challenge for organizations. With the constant introduction of new productivity and communication tools, as well as the adoption and evolution of existing services, users are more inclined to collaborate outside of IT-sanctioned applications. It is often easier to share information using one of the apps already integrated on our phones than it is to upload it to a corporate system. But this can be risky.

Scared of Your Own Shadow?

Using a public cloud service to share what may seem like a mundane photo of a whiteboard covered in sticky notes, for example, could result in a company’s next wave of innovative ideas being stored in an insecure manner. Add to this risk the challenges of compliance and auditing, and shadow IT can become a big problem.

But unsanctioned cloud apps do enable users to be more efficient, which presents two problems. First, attempting to block access to unsanctioned services is a poor a long-term solution because people will find ways around whatever barriers you put in place. Secondly, we want our users to be efficient, and that may mean leveraging some of these cloud apps.

Building a Successful Shadow IT Strategy

It is important for IT leaders to be realistic about shadow IT, which includes everything from cloud services to bring-your-own-apps for mobile devices. It’s impossible to completely control what users are doing, but a successful strategy should include these three critical steps:

  1. Educate users on how to handle corporate data. Make sure they understand the risks of using public shared services and their responsibility to ensure that confidential, valuable or personally identifiable information (PII) is stored properly.
  2. Provide users with the tools they need. By offering a range of high-quality, approved apps, you decrease the need for users to look elsewhere.
  3. Monitor what’s going on in your organization. You need to have visibility into what services are being used, by whom, how often, for what sorts of data and how much it costs. Control access to insecure services and learn what users really need by looking at demand.

As users become increasingly tech-savvy, shadow IT will continue to exist. The potential risks can be managed with good education, alternative tooling and careful monitoring.

Learn more about IBM Cloud App Analytics

More from Cloud Security

Risk, reward and reality: Has enterprise perception of the public cloud changed?

4 min read - Public clouds now form the bulk of enterprise IT environments. According to 2024 Statista data, 73% of enterprises use a hybrid cloud model, 14% use multiple public clouds and 10% use a single public cloud solution. Multiple and single private clouds make up the remaining 3%.With enterprises historically reticent to adopt public clouds, adoption data seems to indicate a shift in perception. Perhaps enterprise efforts have finally moved away from reducing risk to prioritizing the potential rewards of public cloud…

AI-driven compliance: The key to cloud security

3 min read - The growth of cloud computing continues unabated, but it has also created security challenges. The acceleration of cloud adoption has created greater complexity, with limited cloud technical expertise available in the market, an explosion in connected and Internet of Things (IoT) devices and a growing need for multi-cloud environments. When organizations migrate to the cloud, there is a likelihood of data security problems given that many applications are not secure by design. When these applications migrate to cloud-native systems, mistakes in configuration…

New cybersecurity sheets from CISA and NSA: An overview

4 min read - The Cybersecurity and Infrastructure Security Agency (CISA) and National Security Agency (NSA) have recently released new CSI (Cybersecurity Information) sheets aimed at providing information and guidelines to organizations on how to effectively secure their cloud environments.This new release includes a total of five CSI sheets, covering various aspects of cloud security such as threat mitigation, identity and access management, network security and more. Here's our overview of the new CSI sheets, what they address and the key takeaways from each.Implementing…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today