Matt Zanderigo penned an impressive article on LinkedIn highlighting the risks that an employee's apps could pose to their company's IT. The great thing about Zanderigo's article is that it shows how well-meaning employees can threaten their company's data security by using non-approved apps to be more productive at work.
"Shadow IT" is a term used to describe apps and other IT that haven't been explicitly approved by IT departments. These apps can include…
- Cloud backup.
- File sharing.
- Screen-capture.
- And more.
Unfortunately, these non-approved apps are usually only built for consumer use and don't have the kind of security one would demand from industry apps. Skyhigh Networks reports that only one in 10 file-sharing apps are enterprise ready and nearly 60 percent are high risk.
Let's take a look at some of the common apps your client's employees could be using and how they might threaten the company's security.
One Bad App Spoils the Bunch
It's important to remember that when a client uses a third-party app, they're usually just trying to work smarter and have access to their work files and data, even when they're working from home or on the road. Many employees might not even realize that these apps could expose their company's data. The following shadow IT apps could pose a security risk:
- Cloud apps. Whether it's Dropbox, Google Drive, iCloud, or Box, a cloud drive lets your client's employees access files from anywhere. That's great for their productivity, but unfortunately, many of the most common cloud storage apps aren't built for business-level security. There are a number of ways their security can fall short: not having end-to-end encryption, storing encryption keys on cloud servers, not requiring multi-factor identification, and keeping copies of files on the employee's personal devices.
- File transfer apps. Rather than send large files via email, employees can use apps like YouSendIt and uTorrent to transfer large amounts of data. However, when data is uploaded or transferred, it leaves your clients' secure custody and could be hacked on the third party's servers.
- Remote access apps. Workaholic employees and those who work from home might set up an app like LogMeIn, which allows them to log in to their work computer remotely. This could lead to a host of problems if their LogMeIn account is hacked.
- Screen cap apps. Employees sometimes use Jing, SnapIt, or other screen-grabbing apps to take pictures of data, spreadsheets, and other info they may need to reference later. When these screen captures are stored on public servers, they could be hijacked by malicious hackers. If an employee took a screen capture of an important spreadsheet, it could lead to a data breach.
The Takeaway: Shadow IT Is a Common Problem for IT Departments
The Wall Street Journal reports that non-approved IT usage is extremely common. One survey of IT professionals found that…
- 72 percent of employees use some kind of shadow IT.
- 40 percent of IT departments have no process in place to limit shadow IT.
Given how common non-approved apps are, it's important for IT professionals to make an effort to address this liability. Many users probably don't realize that they are putting their company's security at risk, so you'll need to educate clients about the potential dangers of using non-approved, third-party apps in their work.
No client wants to lose functionality and productivity, so be prepared to offer an alternative service that is more secure. This could include setting up VPNs and private clouds to allow employees to access work data from multiple locations in a secure way.
If shadow IT usage runs rampant at your client's workplace, it's likely because they don't have sufficient IT in place that offers the same functions. If you play your cards right, you can leverage a client's shadow IT usage as a way to get them to invest in more IT solutions that you provide.
