Blog article
See all stories »

Shadow IT is on the rise and it could cost you

We’ve all done it right?

Downloaded a bit of software which will help do our jobs. Nothing wrong with that you might say. We all can get bored with the company provided software that doesn’t quite match what we need. And who wants to go to the IT department, make the case for a new expense and all the paperwork that’s required to get it up and working?

But the real problem is, people who use software without the permission of their organisation’s IT team are putting themselves and everyone else at risk.

These dangers are backed up by research from Gartner, which estimated that one-third of successful attacks on enterprises are on data located in shadow IT resources.

Yet Shadow IT is on the increase and many companies are either unaware of it happening, or won’t acknowledge it. Many look the other way, preferring it didn’t happen, but not sure how the rules can be enforced.

We did a survey recently which examined the use of shadow IT in the form of SaaS (Software-as-a-Service) across 200 companies. The sample included companies from industries with specific data security obligations, such as healthcare, cybersecurity/identity and financial.

And this is what we found, which surprised even us. Over the 200 surveyed businesses, there were a staggering 23.6 million instances of shadow IT usage, across 2,259 unauthorised software platforms. This means that, over the course of an eight-hour workday, an employee accessed an unauthorised software platform every 4.9 seconds.

Shadow IT accounts for more than half of daily software usage for over half the companies surveyed.

Which means, in simple terms, most software used by companies is not authorised. Okay, our sample was 200 businesses, but we know that that is a very accurate sample and reflects the state of the market.

Think about for a moment - over half of the SaaS stack in companies is likely to be made up of a considerable proportion of software that is unauthorised.

If that doesn’t give management teams the jitters, I’m not sure what will.

It’s a shocking result and you can wonder why companies are so lax when it comes to putting a stop to this, but the potential results of using unauthorised software are the real worry here.

Take the first nightmare and one which should keep cybersecurity/identity and financial companies awake at night. It’s bad for security, full stop. Unsanctioned tools may lack robust security features. This makes them more vulnerable to attacks and data breaches.

Also what about compliance issues? Unauthorised tools can lead to contract violations and breaches of industry-specific regulations and certificates. This can end up causing you to be on the wrong end of some hefty fines.

And think of two very practical considerations. As departments purchase overlapping tools and services without centralised oversight, it can be a drain on money and time resources. Then there are potential integration problems. When teams use incompatible tools, integration problems can lead to information silos and collaboration issues.

As for which teams within a company use Shadow IT, unsurprisingly, it's the sales and marketing teams which are the main culprits. Indeed, 44% of shadow IT is used by the sales team, with marketing coming in at 21%. Next on the naughty step is product/engineering at 18%, then HR at nearly 7% and data at 5%.

As for which software is most used within the Shadow IT stack, it doesn’t take a genius to guess which one is most up there. Yes, it's artificial intelligence, which suggests that many companies who ban the use of AI, especially in the finance industry, are either ignorant of this fact, or just don’t know what to do to stop it.

So to answer my own question, yes, Shadow IT is very bad.

But here’s a very sobering fact: employees are 3.5 times more likely to use shadow IT than approved SaaS in their day-to-day work. People prefer their own choice of software, full stop.

So I would suggest two courses of action, as a matter of urgency. Firstly, I would advise every company to conduct an immediate and extensive SaaS audit before it's too late.

Secondly, companies need to ask themselves why their employees are using Shadow IT. There’s a huge gap here, between what companies use and what people want to use - a classic case of people not talking to each other and understanding what people actually need.

This gap has to start closing, and fast.

2141

Comments: (0)

Brad Van Leeuwen

Brad Van Leeuwen

Co-founder and COO

Cledara

Member since

09 Nov 2023

Location

New York

Blog posts

2

This post is from a series of posts in the group:

Fintech

Fintech discussions and conversations around the development of fintech.


See all

Now hiring