A majority of workplace apps could be shadow IT

hand shadow on keyboard

What you don’t know can and will hurt you. A recent study finds that your users are probably using more cloud apps than IT knows about, and that many of these apps carry serious security risks.

Shadow IT fears are nothing new. Users, other business managers and even executives are increasingly turning to cloud applications in order to get their work done.

But most of these apps are downloaded without IT’s permission, approval or an ability to monitor them. In other words, they’re often unsecure and sometimes downright dangerous.

Many IT managers might think they have a rough idea at least on the number of apps that are operating without their approval. Recent research, however, would suggest otherwise.

9 out of 10 are shadow IT

According to a CipherCloud survey, the average company in North America is running 1,245 cloud apps. (This is average, not median, so some large organizations could drive those results way up.)

Of those applications:

  • 15% are considered low security risk
  • 80.5% are medium risk, and
  • 4.5% are high risk.

Put another way, the average organization has 56 high risk apps running at any given time.

And it’s not a calculated risk, either. Most companies’ IT departments are unaware of the various apps users are running.

According to the survey, only 12% of apps in an organization are IT-sanctioned, meaning that 88% fall under the umbrella of shadow IT.

What are these shadow IT apps?

The variety of cloud apps being used run the gamut. Perhaps not surprisingly, the most commonly used apps are social media applications. The average organization has 254 social cloud apps.

Other common apps include collaboration (211 apps per organization), marketing (196 apps), IT infrastructure (163 apps), media (140 apps) and cloud storage (136 apps). These include both apps IT was aware of as well as shadow IT applications.

But when CipherCloud compared organizations’ ideas of which apps they were running to which ones were actually in use, the results were way off.

Organizations discovered unapproved apps for:

  • cloud storage (69%)
  • e-commerce (43%)
  • marketing (34%)
  • social (34%)
  • media (27%)
  • IT infrastructure (22%), and
  • collaboration (19%).

Getting ahead of the problem

A basic first step to eliminating shadow IT is to get a better idea of which cloud apps are already in use.

Talk with users and other managers. Find out which tools they’re using to get their jobs done, and before correcting them on the use of banned apps, listen to what they like about them.

You likely already have some applications that do the same things as these shadow IT apps. if you don’t, it could be worth looking into enterprise-grade alternatives that are more secure and controllable.

Create policies

Next, you’ll need to create and enforce a strong cloud usage policy.

[Click here for  sample cloud policy template.]

This should cover what behaviors and applications are acceptable and which are banned. Make sure the terms are clearly defined and examples are used as well – chances are most people won’t even know what a cloud app is, let alone if they’re using it.

Enforce your rules

Perhaps the least popular role IT has to play is saying “No” – and that’s saying a lot as so much of IT’s job responsibilities are unpopular with users.

But if users are continually or knowingly going against cloud policies, that’s not acceptable. These apps and services carry huge risks, so it’s up to you to put your foot down and make sure violations stop.

Ignorance of the rules can’t be an excuse, and if that takes disciplining users for policy violations, so be it.

Make Smarter Tech Decisions

Get the latest IT news, trends, and insights - delivered weekly.

Privacy Policy