The shadow IT effect: are you more vulnerable to a security breach?
At the end of last year, Core commissioned a survey of more than 200 IT decision makers to get their opinions on the changes to work in 2020: were they prepared for remote working; do staff have the tools they need to work remotely; and have they seen an increase in the use and downloading of unsanctioned IT and apps by staff?
Although remote working has brought with it some benefits, if not for employers then certainly for employees, it has also thrown up new challenges for IT teams around security.
It’s little surprise that a move to a largely unmanaged remote working scenario brings with it risks. No matter what sector you’re in, whether you have compliance standards to meet or not, no organisation can fail to be adversely affected by the loss of control for IT, lack of data protection and potential security exposure that working from home brings.
Another challenge which has reared its head during remote working, is the use of unsanctioned ‘shadow’ IT by employees. In our survey, 50% of respondents said they had experienced staff downloading shadow apps and solutions since remote working began. Not only are these solutions often inferior to solutions sanctioned and endorsed by the workplace, they can also leave networks open to security threats.
Most organisations today invest heavily in security to protect their network and infrastructure, often establishing role-based user access based on a least privilege model to stop unauthorised users accessing things they shouldn't. Things like multifactor authentication also help to keep accounts secure should a device fall into the wrong hands. But when an employee accesses shadow IT
Another issue, is that the use of shadow IT can compromise the effectiveness of the network security that’s already in place. The modern world requires us to have a password for almost every online account – and there’s only so many we can, or care to, remember. Most of us are guilty of using the same password across multiple accounts; a cybercriminal’s dream. And when an employee uses the same credentials to access shadow IT apps as they do for sanctioned applications, multiple applications can be easily infiltrated.
The repercussions of shadow IT extend beyond the immediate, too. If someone who has used unsanctioned web applications leaves an organisation, it’s unlikely there will be a record anywhere of the apps and cloud services they’ve been using. Are the accounts still active? What can they access? Properly offboarding employees when they leave an organisation is an essential part of IT security. Without knowing what accounts have been created, doing this right is impossible.
Further adding to the melting pot of potential security risks, is staff use of personal devices for work. Without the proper security perimeters in place, the use of personal devices can leave organisations vulnerable. All it takes is for an unsecured phone or laptop to be lost, left or stolen for unauthorised people to access company emails, data and financial information. And because we’re only human, people often store and save user credentials in their web browsers, on spreadsheets or even in lists on their laptop or phone. An unsecured device in the wrong hands, or even just without adequate firewall protection, is an invitation for a data breach or theft.
No wonder, then, that over half of the businesses we asked feel that personal device has left them more vulnerable to a security breach.
Despite the obvious concerns over the use of shadow IT, what did emerge from our survey was how IT decision makers felt they could take back control as people work remotely, and mitigate the risk of staff using shadow IT solutions.
It seems obvious, but the answer lay in providing staff with the tools they need not only to do their jobs effectively from home, but to fulfil their needs on a user experience and personal level.
The most commonly downloaded shadow IT apps were video conferencing (56% of downloads), instant messaging (35%) and file sharing solutions (32%). By deploying solutions that combine these capabilities, while also offering a user friendly, intuitive interface, IT teams can almost instantly decrease the risk of staff using shadow IT. And with 40% of users who downloaded shadow IT saying they did so because they were more familiar with it, the importance of choosing solutions that are easy to navigate and integrate seamlessly with existing tech can't be underestimated.
Looking ahead, 47% of the organisations we spoke to said that implementing new solutions to support remote working was their priority for the next six months (to the middle of 2021). Asking employees what functionality they value most in remote working solutions, then finding the right fit, seems a sensible place to start.
Wherever you are on your joining, Core can help you facilitate effective, secure and seamless remote working that enables business as usual activity while keeping colleagues securely connected, and able to communicate and collaborate with ease.
Speak to us about our Microsoft Teams workshops and see which workshops we offer here.