Shadow IT has long been a problem for IT departments. The days when IT had full control over their infrastructure and nothing new was being brought into the business without IT approval are gone. Now, anyone in the business with a credit card and internet access can have a new application up and running in a matter of minutes, with IT being none the wiser to its existence. The problem is only growing with the proliferation of new apps, as well as pressures on workers to be productive, without concerns over security or compliance. On top of this, mobile is becoming a new gateway to shadow IT.

What is Shadow IT?

Shadow IT refers to the use of IT systems without the approval of the organization. While there are many that consider Shadow IT an important source of innovation, it actually ends up costing the business and is often not in line with security and compliance policies. Examples include devices such as USB sticks, online messaging software as well as online document storing and sharing applications such as dropbox. These systems take corporate data outside of IT’s infrastructure into an unprotected and unregulated system.

Shadow IT

How mobility has impacted Shadow IT

The number of corporate owned and BYOD (‘bring your own device’) mobile devices continue to grow. Mobility has allowed workers to be more productive and able to work regardless of their location. However, mobility is not without its problems. Mobile devices are providing another window for employees to get around IT’s infrastructure, bypassing firewalls to access websites blocked by IT.

Having a mobile device at your desk which can use connections outside the corporate network has led to employees using that 3/4G connection to access networks blocked on the corporate network. In some cases, employees will tether their corporate mobile devices to their laptops to access unapproved or blocked websites. This is a huge problem for IT. Mobile devices can easily leave the protective barrier of the enterprise and access many disparate networks with ease. It is not just out of control of IT staff, but out of view.

Read more: How to Create a BYOD Policy 

How to tackle the problem

A large majority of companies enable some form of web content filtering within the network. Even where policy is not enforced, visibility into usage is considered a standard requirement to ensure productivity, network efficiency and minimize the risk of legal liability. Secure Web Gateways and Next Generation Firewalls are, of course, multi-billion dollar markets. IT departments are now looking to gain the same level of visibility and control over mobile devices as they have for assets within the network.

IT also needs to effectively communicate acceptable use policies. Unlike traditional PCs, there is a stronger perception that mobile devices, even where corporate owned or corporate liable, are unmanaged employee devices. Yet the company can be held legally liable.

IT needs to act now to bring corporate mobile devices under their control and visibility. Mobile is widely being acknowledged as the weak link in the company’s infrastructure and without protection, Shadow IT will not just be a problem for IT, but could end up affecting the whole business through data leakages and security breaches.