Milind Jadhav works at a market research firm in Mumbai. To ensure data security, the company does not allow its employees to use chat and social media sites. Employees have to take the permission of the IT head to install anyunauthorised software. However, Milind had to connect with a client in London regularly for a task and share several files. For easy communication,he installed Skype and Dropbox, which the IT team had not authorised.
This is quite a common practice in the workplace. Use of non-sanctioned cloud, SaaS (Software-as-a-Service), or personal smartphones for work is called ‘shadow IT’. Developing applications for workflow management without the involvement of the IT team is also part of shadow IT. Although it is convenient and quickens work, the practice poses several risks.
Lack of data privacy
IT teams take stringent security measures to protect applications before authorising their use.Whenever you use anunauthorised program, you put the privacy of the data stored onyour company servers at risk. That mayinclude classified information. Maintaining the confidentiality of every piece of data is of utmost importance. Continuous usage ofshadow IT breaches the privacy measures.Thus, it increases the probability of data leakage.
Enterprise security
To avoid the hassles of remembering too many passwords, employees tend to use a common password across various platforms. This can be a major threat to the company’s data. When employees use the same password for the company’s account, it becomes easier for hackers to crack it. By breaching the enterprise’s security, they may get easy access to confidential data.
Increased vulnerability
Hackers and viruses can find their way through a weak systemto get access to the servers. IT teams take measures to fix these vulnerabilities and make the system robust. Unsanctioned programs are not tested for their weaknesses. Shadow IT may thus increase the chances of data pilferage.
Poor IT policy
In the age of big data, good IT governance is a must. Using shadow IT goes against this governance. However, the inability to check such actions is a result of an inefficient IT policy. Every time an incident of shadow IT occurs, someone breaks a rule in the IT policy. A comprehensive IT policy makes the modus operandi for the employees as well as the IT team clear.
Improper organisation functioning
Continuous use of shadow IT allows employees to carry internal data outside thecompany. For example,they may save official files on theirpersonal Google drive or a USB drive or email it to their personal ID. Some employees may even use the datafor personal purposes. Also, since shadow IT happens against the IT department’s consent, it promotes constant hostility between the team and the rest of the organisation.
Regulatory compliance risk
You have to follow the normsof various certifications. These include ISO standards, payment gateway standards, etc. Buying software licence without intimating the IT department may lead to compliance complications. The tech team is wellversed with the requiredc ompliance norms. If software is not licensed, your organisation may even face legal or financial issues.
The bottomline
The use of shadow IT couldpose a major threat to your organization. Although it offers you freedom in work, you should not question the knowledge of the expertsin this matter—the IT team. An organisation designs the IT policy for its benefit. You must not disregard it.
Discover the latest Business News, Sensex, and Nifty updates. Obtain Personal Finance insights, tax queries, and expert opinions on Moneycontrol or download the Moneycontrol App to stay updated!
Find the best of Al News in one place, specially curated for you every weekend.
Stay on top of the latest tech trends and biggest startup news.
