Some people like surprises. Others don’t.
But when it comes to shadow IT, I think it’s safe to say that no one likes the surprise of finding it in their organization.
Even if you’ve known for a while that certain employees are using unapproved cloud applications, there are other, less obvious places that unsanctioned cloud activity can be lurking that you may not have considered.
Here’s a list of five surprising places shadow IT may be hiding out in your company and what you can do about it.
Where Is Shadow IT Hiding?
1. The Boardroom
According to a Vanson Bourne survey, 76% of business decision-makers cite senior executives as the main culprits of shadow IT. This could be for a number of reasons, but when leaders of an organization are guilty of using unsanctioned apps or sharing company information inappropriately, it can be hard to stop the habit from trickling down into other departments.
Often, companies have non-executive board members (who are not part of their day-to-day activities) who come into the organization every few months to help with policymaking and strategic planning. Sharing information with these board members can be difficult when they’re not part of the company, and it can often lead to shadow IT due to a lack of secure file sharing processes.
These non-executive board members likely use apps that have not been approved by the company, and other executives who are part of the company are likely following suit. Even something as simple as sharing boardroom reports or an email address through apps like Dropbox can have serious repercussions—but many board members don’t think of this.
2. The IT Department
Another surprising find is that, according to a Frost & Sullivan survey, IT professionals are some of the worst shadow IT offenders. In fact, 91% of IT departments use at least one unapproved cloud application, and 25% use six or more.
This is likely due to the fact that IT professionals are more familiar with a range of services and applications, so they feel they are in control of the outcome of these services. (They also just really like trying new software.)
Problems arise when they form bad practices, like testing new software in an insecure environment. It’s easy for them to download a new app to their mobile device, but if they use that app to access their back-end data system, it puts the data at risk.
3. Wireless Networks
Another place problems can hide is in wireless networks—or, more specifically, public wireless networks. Obviously, we all have mobile devices, and we use those devices to access Wi-Fi for work-related activities on networks other than our companies’. The problem with this is that you don’t know whether the apps you’re using on these networks are sending out encrypted information. If they’re not, all sorts of harmful activity could go on, and anyone could be collecting your data—something many don’t consider.
4. Third-Party Companies & Services
Shadow IT and harmful activity can occur when employees from third-party companies come into your organization. You don’t know what apps or data those employees are using your wireless network to access, and they may not follow your company cloud-usage guidelines while they’re in your facility.
Risky behavior can also happen within the third-party services your employees use. One of those services is a free online file conversion. If you use an application to convert a document to PDF, for example, you’re probably OK, but you never know who’s behind that service snooping around in the document—if they are, they could gain access to email addresses or other sensitive data.
Another potentially harmful third-party software is free online backup. You may think you’re doing the right thing for your company by performing routine backups, but in most cases, you don’t really know what’s happening to your data behind the scenes.
(The main reason free services can be risky is because they don’t have service level agreements.)
5. Apple’s iCloud
There are so many Apple devices within organizations these days that most people don’t even give them a second thought. But everything in Apple’s iCloud automatically syncs—so your data may be taken into the cloud without you even knowing. Even without iCloud getting hacked (which there is potential for), there is a chance for information to get lost or stolen, simply due to the fact that you don’t always know when and where your information has gone or who can access it.
What Can You Do?
Now that you know where shadow IT is hiding, the best thing to do is to make others in your company aware.
An easy way to do this is to create flyers, posters, or signs that say something as simple as, “Have your apps been approved?” and place them throughout your organization. In the boardroom, on bulletin boards, in restroom stalls—anywhere people will see them.
By educating and reminding people of the importance of safe, smart cloud practices, shadow IT will slowly become less prevalent, and your company can begin making the right cloud applications available.