Shadow IT refers to software that is used within an organization without the approval, support, and oversight of the IT department. It can include popular cloud services such as file sharing apps, social media, and collaboration apps that employees find convenient and useful at home, at the office, and on the road. The Internet of Things (IoT) is adding a level of complexity to the problem. With the influx of wearable devices that can connect to the internet, the risks posed by employees using personal technology (aka BYO-IoT) to access secure systems and data are a growing concern for security teams.
The lack of control and oversight leads to uncontrolled data flows from the business outward, via online document services like Google Docs, collaboration services like Gmail and MSN Messenger, VoIP services like Skype, as well as USB drives and other portable storage devices. This makes it difficult for an organization to comply with GDPR, the Sarbanes-Oxley Act, GLBA, HIPAA, FISMA, and many other compliance standards. It also leads to wasted time and inefficiencies in work processes across the organization, and exposes the company to cybersecurity risks and data breaches.
Efforts to place barriers against shadow IT are difficult to implement and often serve to drive its use deeper underground, as employees find workarounds to security measures and protocols in order to work more efficiently.