Shadow IT

Shadow IT is a term often used to describe information-technology systems and solutions built and used within organizations without explicit organizational approval. It is also used, along with the term “Stealth IT”, to describe solutions specified and deployed by departments other than the IT department. [1]

Shadow it is regarded by year Many major source for innovation and Such systems May turn out to be prototypes for future approved IT solutions. On the other hand, shadow IT solutions are not always in line with the organization’s requirements for control, documentation, security, reliability,

Compliance issues

It is a term used in IT for any application or transmission of data, which is not under the jurisdiction of a centralized IT or IS department. The IT department did not develop it, and was not aware of it, and did not support it. This increase in the likelihood of ‘unofficial’ and uncontrolled data flows, making it more difficult to comply with the Sarbanes-Oxley Act (USA)

  • Basel II (International Standards for Banking),
  • COBIT ( Control Objectives for Information and Related Technology ),
  • FISMA ( Federal Information Security Management Act of 2002 ),
  • GAAP ( Generally Accepted Accounting Principles ),
  • HIPAA ( Health Insurance Portability and Accountability Act ),
  • IFRS ( International Financial Reporting Standards ),
  • ITIL ( Information Technology Infrastructure Library ),
  • PCI DSS ( Payment Card Industry Data Security Standard )
  • TQM ( Total Quality Management ), etc.

Examples

Some examples of These unofficial data flows are USB flash drives or other mobile data storage devices, MSN Messenger or other online messaging software, Gmail or other online email services, Google Docs or other online documents sharing and Skype or other online VoIP software, And also other less straightforward products self-developed Excel spreadsheets and macros . Security risks are inherent in the security of the network.

A 2012 French survey [2] of 129 IT managers revealed some examples of shadow IT:

  • Excel macro 19%
  • Software 17%
  • Cloud solutions 16%
  • ERP 12%
  • BI systems 9%
  • Websites 8%
  • Hardware 6%
  • VoIP 5%
  • Shadow IT support 5%
  • Shadow IT project 3%
  • BYOD 3%.

Another study found that greynet , content apps, and utility tools are the most used shadow systems in organizations. [3] However, CIOs vastly underestimate extent of shadow IT. [4]

Another form of shadow IT comes by way of OAuth connected applications, where a user authorizes access to a third party application via a sanctioned application. For example, the user can use their Facebook credentials to log into Spotify, or another 3rd party application via their corporate cloud app (Google G Suite or Microsoft Office 365). With this access, the 3rd party app may have excessive access to the sanctioned app, introducing up unintended risk.

Reasons for use

Incumbent IT management with a legacy infrastructure and data management challenges can not be provided as a service because they are unaware of its advantages, or can not acquire the budget for its successful implementation. Against this background, neither can the IT department ever deliver against all business requirements at a low cost relative to a true DaaS IT department. These deficiencies lead the business to implement IT solutions that may be perceived to cost less to execute, albeit whilst introducing risks

For example, with the rise of powerful desktop CPUs, business subject matter experts can use shadow IT systems to extract and manipulate complex datasets without having to request work from the IT department. The challenge for IT is to recognize this activity and improve the technical control environment, or to guide the business in selecting enterprise-class data analysis tools.

A further barrier to adopting is the legacy IT bulk provisioning of the ‘Read’ element of the CRUD model (Create, Read, Update, Delete). This leads IT into neglecting the need to ‘write back’ into the original dataset, because this is complex to achieve. It is the need of shadow IT users to then store this changed data separately (IE ‘siloeing’) that results in a loss of organizational data integrity.

Placing barriers to shadow IT can be the equivalent of stifling organizational innovation and cost reduction. A study [5] confirms that 35% of employees feel they need to work around a security measure or protocol to be able to do their work efficiently. 63% send documents to their home e-mail address to continue work from home, even when they are aware that this is probably not allowed.

Implications

This section may have too many headers dividing up its content . Please help improve the article by merging similar sections and removing unneeded subheaders. (February 2016)

Besides security risks, some of the implications of Shadow IT are: [6] [7]

Wasted time

Shadow IT adds hidden costs to organizations, consisting largely of non-IT workers in finance, marketing, HR, etc., who spend a significant amount of time discussing and re-checking the validity of certain data, setting up and managing systems and software Without experience.

Inconsistent business logic

If a ‘shadow IT’ spreadsheet application encapsulates its own definitions and calculations, it is likely that over time inconsistencies will arise from the accumulation of small differences from one to another, as spreadsheets are often copied and modified. In addition, many errors that come from either lack of understanding of the concepts or incorrect use of the spreadsheet frequently go undetected due to a lack of rigorous testing and version control.

Inconsistent approach

Even when the definitions and formulas are correct, the methodology for carrying out analysis can be distorted by the arrangement and flow of linked spreadsheets, or the process itself may be wrong.

Wasted investment

Shadow IT applications Sometimes prevent prevention Full Return on investment (ROI) from investments in systems That are designed to perform the functions now Replaced by shadow it. (DW) and Business informatics (BI) projects, which are initiated with good intentions, where the broader and consistent use of DW and BI in the organization never really starts off. DW & BI solutions. DW & BI solutions. DW / BI system to choose cheaper (shadow) alternatives, also plays a part in preventing successful enterprise implementation.

Inefficiencies

Shadow IT can be a barrier to innovation by blocking the establishment of more efficient work processes. Shadow IT systems layer on top of existing systems. Data might be exported from a shared system to a spreadsheet to perform the critical tasks or analysis.

Higher risk of data loss or leaks

Shadow IT data backup procedures may not be provided or audited. Personnel and contractors in Shadow IT processes may not be through education, procedures or vetting processes. Originators of Shadow IT systems may leave the organization behind the complicated systems.

Barrier to enhancement

Shadow IT can act as a brake on the adoption of new technology. Because IT artifacts, eg, spreadsheets, are deployed to fill critical needs, they must be carefully handled. But lacking adequate documentation, controls and standards, that process is slow and error-prone.

Organizational dysfunction

Shadow IT creates a dysfunctional environment leading to animosity between IT and non-IT related groups within an organization. Improper motivations behind Shadow IT efforts such as seeking job-security (ie “Bob is the only person with this data” or “what will happen if he leaves?”), Data hoarding, self-promotion, favor trading, etc. Can lead to significant management issues.

A 2015 survey of over 400 global CIOs showed 90% of CIOs worldwide find themselves by-passed by line of business at least sometimes. One third (31%) of CIOs globally are routinely side-lined when it comes to making IT purchasing decisions. [8]

Effect on IT DepartmentsAccording to Gartner, by 2015, 35 percent of corporate IT expenditures for most organizations will be managed outside the IT department’s budget. [9]

References

  1. Jump up^ “Shadow IT – Should CIOs take umbrage?” . CXO Unplugged . Retrieved 2012-04-25 .
  2. Jump up^ RESULTS OF THE SURVEY ON THE PHENOMENON OF “SHADOW IT” by Thomas Chejfec:http://chejfec.com/2012/12/18/results-complets-de-lenquete-shadow-it/
  3. Jump up^ Silic, M., & Back, A. (2014). Shadow IT-A view from behind the curtain. Computers & Security, 45, 274-283.
  4. Jump up^ http://securitygamified.com/task/
  5. Jump up^ RSA, November 2007, The Confessions Survey: Office Workers Reveal Everyday Behavior That Places Information at Risk, available from:http://www.rsa.com/company/news/releases/pdfs/RSA-insider-confessions .pdf
  6. Jump up^ Raden, N., October 2005, Shadow IT: Lesson for BI, BI Review Magazine, Data Management Review and SourceMedia, Inc.
  7. Jump up^ Myers, Noah and Starliper, and Matthew W. Summers, Scott L. and Wood, David A., The Impact of Shadow IT Systems Information is Perceived Credibility and Managerial Decision Making (March 8, 2016). Available at SSRN:http://ssrn.com/abstract=2334463orhttp://dx.doi.org/10.2139/ssrn.2334463
  8. Jump up^ “Shadow IT is a reality for 90% of CIOs” . Logicalis . Retrieved 2015-11-23 .
  9. Jump up^ “Predictions Show IT Budgets Are Moving Out of the Control of IT Departments” . Gartner . Retrieved 2012-04-25 .

Leave a Comment

Your email address will not be published. Required fields are marked *