Shadow IT – Some transparency needed


As internet is must in Office, so comes the risk of an attack from hackers. We often must have ourselves installed software [if access provided] on office platform without even checking its health and at times it’s also seen that the same software is being used by whole of the team. We are risking our office data security and very easily providing a handle to hackers to grab our nerves.

What is Shadow IT?
The installation/usage of software’s which is not approved by IT department of the company, it could be a free license or an open source but due to our laziness or a belief we have in our mind that – if the restriction is not applied, there wouldn’t be any harm in installing, we are making our network vulnerable and weak to be attacked, exposing the firm’s sensitive information to the outside world.
One of the key thing observed here is many coders have been using a public cloud network or may be an open source from a virtual machine, giving the firm no option of defense against hackers.

Crux of the Matter

So how can the software installed which is a free license, not malicious in nature, during installation process no alarm was raised by the office anti-virus so how probably it could be dangerous to the firm?
Firstly, when we work on a public network, we our pushing our data to the public network and even though gui says that we might be successful in deleting it, but the copy would be saved in their DB or may be their server, which might be flushed out may be at EOD with the cleanup process or maybe not. Secondly, we are working outside firm’s firewall making the firm’s data totally exposed to the outside world. Thirdly, an unlicensed software could be caught in vendors audit making the matter worse.
So, it is indeed alarming. Isn’t?

Are the coders responsible for this?
As a coder myself , I would be bit biased to the group, but priority drives the process, I have seen myself how to resolve a prod issue , we look for all alternative when the things are to be delivered ASAP and waiting for IT department wouldn’t actually help us.
We can improve on IT turnaround time but you would agree that’s not a concrete solution to eliminate Shadow IT from our working environment.
Is Shadow IT that Bad?
If we look at flip side it basically assures on time delivery which can prevent the company from bad name but for sure risking the company’s security policy.

Do we see any Solution?

Before jumping to the solution let’s see what’s the reason for shadow IT being extensively used in our offices?
A coder faced an issue; he looked for the solution on internet and found some installation would help him resolve an issue. A coder now needs to think on below points

  • Would this software be also used by the client environment? If not installing and working on it is not actually solving our issue but creating dependencies
  • Do I really need that software? If yes, the IT team would have already provided to them, there might be already a licensed alternative version available for us.

From the management perspective

  • Why this unlicensed software is’s being used? It concludes team needs additional resources which management is not providing
  • Buying an approved software would affect the budget but in the long run may be it speeds up our delivery process
    So do you guys know the solution- well yes?

Both parties need to think and discuss and take the best approach possible. A handshake across department is the simple solution to eliminate Shadow IT

To Wrap Up
We need to take shadow IT as positive criticism and counter in a constructive fashion which would enable the firm to align IT department much more strictly with business needs. It can lead in creating a improved association with business units, and it also proves to be a catalyst to accurately resolve the underlying matter that created shadow IT in the initial place.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s