If employees use software without the knowledge of the IT department, shadow IT is created. Avision explains why this is an acute danger and what measures companies need to take to prevent it.
Companies rely on a whole range of different tools and technologies in their day-to-day digital business. In order to prevent data and security problems, IT departments keep official lists of the software used, keep them up to date and develop them further. However, there are often countless other programs hidden in the shadows that employees use without the knowledge of the IT departments, carelessly but usually without malicious intent. What causes this shadow IT, what problems does it lead to and how do companies need to counteract it?
Definition
Shadow IT exists as a parallel world alongside the officially managed applications and can nevertheless achieve the same significance. However, the many small tools, open source products or interfaces to official applications are not documented in the shadow world and are not part of the monitoring.
Problem
Unofficial software leads to security vulnerabilities, for example when undocumented interfaces allow unauthorized access to sensitive data. The Log4j problem also clearly shows that companies should not rely on external applications. This quickly leads to a loss of control and unwanted legacy code: IT departments must avoid both at all costs.
Reasons
Complicated processes and tight budgets encourage the emergence of shadow IT. Budding mistrust between the specialist department and IT can also quickly lead to employees relying on their own applications.
Countermeasures
IT departments can prevent employees from installing new software by making appropriate default settings. However, systems and projects must also be checked for existing shadow IT. The first step is to take stock, as legacy code and unofficially used applications are more widespread than many IT departments are willing to admit. The company structure also needs to be scrutinized. Shadow IT can be prevented with the right processes, such as a company suggestion scheme for new solutions. When it comes to unofficial tools, companies should engage in self-reflection: Why was the software chosen? Is the function missing from the official list? Why was it not included?
“It is perfectly legitimate for employees to decide for themselves what they need to work,” explains Nadine Riederer, CEO at Avision. “However, the right communication with the relevant departments is crucial. In this way, it can be clarified whether the purchase of a tool generally makes sense for the company and whether it should be included in the official list. Discussions with the IT department can prevent a lot of work and shadow IT.”
This press release is also available at www.pr-com.de/de/avision.
Press contact
Avision GmbH
Christina Karl
Marketing
Bajuwarenring 14
D-82041 Oberhaching
Tel. +49-89-623037-967
christina.karl@avision-it.de
PR-COM GmbH
Melissa Gemmrich
Sendlinger-Tor-Platz 6
D-80336 München
Tel. +49-89-59997-759
melissa.gemmrich@pr-com.de