Published on October 28th, 2021 📆 | 1822 Views ⚑
0The Cybersecurity Risks Of Shadow IT: Associations Now
Shadow IT, the unsanctioned use of technology by employees, is not an uncommon conceptâand itâs becoming even more prevalent in the remote work era. An IT expert says strong policy can help solve the problem.
There are lots of cool tools out there that might make your life a little bit easierâeven if they make your IT departmentâs life a little bit harder.
If you use some piece of technology without permission, thatâs âshadow IT,â and it could create potential security or compliance issues down the road by putting data in places where it shouldnât go. It could also keep that information out of the purview of the primary network.
To be clear, shadow IT is nothing new: A 2016 Cisco study found that 80 percent of employees used software that wasnât cleared by the IT department, and just 8 percent of enterprises knew the real scope of shadow IT within their organization.
Darrell Poe, vCIO of B/Net Systems, said that shadow IT has long been something heâs observed in his various roles, including when he was the lead IT official for the National Association of Broadcasters.
âShadow IT became the thing there,â he said, noting the use of cloud tools and iPhones at a time when they were still relatively uncommon. âThey were all new and cool and folks wanted to use them, and it made their work life more efficient.â
If you donât have processes in place to take care of that, thatâs data leakage.
He noted that shadow IT rarely grows out of malicious use cases, but by the nature of it, it could take information out of a centralized location and introduce external security risks that the IT team has no real control over.
How Remote Work Has Shifted the Shadow IT Conversation
For years, the command and control structure around IT helped to shape the thinking around shadow IT. But as more tools have emerged in the workplace, that model has effectively fallen by the wayside as trends like bring-your-own-device (BYOD) and the cloud have increasingly found their way into the modern office.
In that context, shadow IT was already a big deal and a major point of concern for IT departments years ago. But the challenge is growing with the rise of remote work tools during the pandemic, as employees work on networks the employer has no control of.
âThere are no firewalls on home networks, no enterprise-grade firewalls, so thatâs huge,â Poe said.
He added that the pandemic effectively kicked existing trends around shadow IT into overdrive, which likely will create security challenges when employees do reenter the physical workplace.
Tackle Shadow IT With Better Policy
Technical solutions can be used to tackle these issuesâfor example, preventing the direct export of data from your association management system, meaning that data canât be compromised. However, Poe emphasized building policies that employees are able to live with, and are baked into basic documents, such as the employee handbook.
âWe would put a lot of the foundational IT stuff into the employee handbook, or into the IT security policy, or the disaster recovery plan, or the incident response plan,â he said. âAnd those policies generally go out to staff, and they have to signâespecially the employee handbook.â
This provides a record that theyâve acknowledged the policy, giving your organization something to point to when issues ariseâsay, when an employee leaves the organization, and has a laptop or phone to account for.
âIf you donât have processes in place to take care of that, thatâs data leakage,â he added.
Poe also recommends setting a portion of the employee handbook aside to set standards for how information is stored internallyâif, for example, the organization has agreed to use OneDrive or SharePoint, it should be stated that using a personal Dropbox is off-limits.
âYou can even take the next step of a records retention policy or an IT security policy, going more into the weeds about the specifics of what youâre using and why youâre using it,â he said.
Learn From Shadow IT to Create Better Experiences
The plus side of shadow IT is that, even if it does create challenges, it offers an effective script for improving your associationâs approach to technology.
It could be one element to improving the overall technology experience, so that employees have machines and services that better match their needs.
Poe recommended bringing together a team or technology committee to help decide on solutions for the organization.
âThat way, itâs no longer shadow IT, itâs âOK, I hear your needs,â from the IT perspective,â he said. âYeah, youâd like to use Google Mail for this, or youâd like to use Google Drive for that, or an MS messenger-type system, you know, letâs talk about it.â
If the technology falls within the organizationâs foundational policies and could improve productivity, it could be usefulâbut it also brings the IT department into the conversation.
âI think thatâs how you begin to shine light into that shadow IT approach,â he said.
Â
Gloss