Shadow IT – where IT is built and used inside businesses without explicit organisational approval – is becoming increasingly widespread. In fact, Gartner claims that Shadow IT regularly surpasses 30 per cent of a company’s IT spend and is the top concern for CIOs in 2016[1] due to its ability to lead to compliance failures and business risks.
The security issue is unfortunately not only a critical one but a cultural one. When an employee casually uses an application such as Dropbox to transfer files there is likely to be little thought about the risk of potentially sensitive data – whether that is customer contact details, financial information or intellectual property – falling into the wrong hands.
“Shadow IT is here to stay. It is a cultural problem that needs to be addressed. Yet, shutting it down is now impossible; in fact, policies punishing the use of third-party apps would more likely push rogue users deeper into the darkness,” warns Steve Watts, co-founder of SecurEnvoy. “The battle that can be won is to better educate staff and make Shadow IT an integral part of the company’s wider security awareness program.”
When CIOs search for additional security layers to protect sensitive data within an organisation, it is best to turn to technologies familiar to their staff. One such example is two-factor authentication (2FA). The technology has become widespread in the consumer realm, with consumers well versed in how to use 2FA and in its importance for keeping their own private data safe from prying eyes. The latest solutions incorporate near field communication (NFC) – used in Oyster Cards and by Apple Pay – allowing users to simply tap their smart devices to gain access to the information they need.
The good news is that many of the popular shadow IT applications downloaded by staff – such as Dropbox, Skype and TeamViewer – already have the option for 2FA. “By not only adopting 2FA for all BYOD and work devices, but reminding users to add this layer of security to the applications they are using for their business dealings too, would give IT managers peace of mind and is the answer to Shadow IT that until now has itself resided in the shadows,” adds Watts.