A new report highlights the many benefits and risks that enterprises face regarding ‘shadow IT,’ unmanaged IoT devices and implementing new (not approved) technology. Let’s explore.
A new report was released this past week by Entrust Datacard, and I found the results to be surprising, thought-provoking and requiring action.
The research is titled: The Upside of Shadow IT: Productivity Meets IT Security. The report outlines how implementing solutions that let your employees own their work experience can lead to increased productivity, improved employee retention and greater trust in leadership.
Why was I intrigued?
The report has an interesting mix of good and bad news for enterprises. While it lays out both benefits and drawbacks to shadow IT and new (unauthorized and unmanaged) technology showing up at work, the headlines focus more on the positive aspects of shadow IT and encourage openness.
The report touches on the power of innovation, creativity and new devices under the Internet of Things (IoT) umbrella.
Here are some of the key findings:
New Research Findings On Security
Here are some interesting questions and percentage answers from the report.
Some of the most interesting statistics from the report include:
Definitions and Context Please
So what is “Shadow IT” anyway? This brief video defines some related terms.
Over the past few years, I have written about shadow IT in several different articles. From Christmas presents that staff bring to work in January to cloud apps, to cheap or free back-ups of personal devices with work data, the challenges are daunting and evolving.
The other aspects of this report address the critical need for technology and security staff to work hard to get to yes with secure solutions for staff – and not just dismiss requests from staff for new tech. This topic is certainly not new, and the challenge has been around for well more than a decade. For example, see my “enabling innovation” stories from BYOD is the new WiFi or “Why security pros fail – and what to do about it” or “Idea to retire: Cybersecurity kills innovation.”
Related to this topic, I have also covered how cloud security is closely linked to shadow IT, such as these pieces entitled: Trust and Risks Both Growing in Government Clouds and Where Next With Cloud Security?
I find this report both helpful and a bit concerning at the same time. The authors clearly believe that Shadow IT can be a benefit to productivity and innovation, and they offer some tips to show how security can be addressed. They clearly state that the “glass is half full” with Shadow IT.
So full-speed ahead into the shadows, right?
Not so fast.
At a basic level, I don’t know how CIOs, CTOs and CISOs can address what they do not know about. Report recommendations like “encrypt all your data” can only be acted upon if you know about the data in the first place. Playing “hide and seek” in enterprises with new tech between IT staff and business areas is an inherent problem with Shadow IT and a paradox not easily embraced, in my experience.
So here’s a challenge for you. I’d love to see real-life examples and case studies of governments or private-sector organizations who encourage shadow IT (with all the benefits described) and who also do cybersecurity well with those devices and technologies.
Nevertheless, the report is well done and worth reading. Take this opportunity to address (or re-examine) your shadow IT policies, procedures and cybersecurity in your organization.