Alpha Software Blog

Shadow IT Is a Far Bigger Problem Than You Know. Here’s How to Lock It Down

How big a problem is shadow IT? Much bigger than you might imagine. A survey of more than 400 CIOs from around the world by Logicalis found that 90 percent of CIOs are bypassed by line-of-business staff when making technology-related purchasing decisions at least occasionally, and 31 percent are bypassed “very often” or “most of the time.” In addition, Cisco found that based its cloud consumption engagements with customers, “large enterprises on average use over 1,200 cloud services—over 98% of them are Shadow IT.”

How big a problem is shadow IT? A new survey shows it may be bigger than you might imagine. SShadow IT can cause multiple issues in enterprises, including downtime, inefficiency, a lack of interoperability, maintenance woes, unnecessary spending and more. One of the most serious problems, though, is security. Holly Dale, security operations center director for the Armor security firm, writes in a blog “The Real Cost of Shadow IT,” “there are very real security concerns about technologies set up outside of normal IT processes.”

She warns, “From a compliance perspective, there are major concerns with shadow IT. Employees procuring and implementing their own software, systems or services invariably fail to implement even rudimentary security controls such as changing default passwords, patch management, log correlation, or security monitoring…A lack of compliance can cause ‘findings’ (noncompliance with regulations or procedures).  This can lead to audit failures, possible decertification of the system, loss of company proprietary or critical data, or loss of public trust in the business.”

She concludes there are even worse security problems with shadow IT: “Systems and software placed on a network without IT/Security awareness will more than likely remain unpatched.  This can easily result in vulnerabilities and entry methods for threat sources. Because logs for unknown systems likely aren’t sent to central correlation and aren’t regularly reviewed, intrusions or unauthorized access at these endpoints can go unnoticed for months, or might never be discovered at all!  Without proper log distribution, such intrusions may not be exposed unless and until the intruder attempts to jump to other protected and monitored nodes or subnets.”

Christopher Frank add this warning in a Forbes article about shadow IT: “Data loss and downtime can happen if we download software or run a tool that might include a cryptolocker and start to encrypt files across the file server.”

The security issue is only getting worse. Gartner estimates, “By 2020, a third of successful attacks experienced by enterprises will be on their shadow IT resources.”

How to Protect Against Shadow IT Security Dangers

All this doesn’t mean that companies should try to eliminate shadow IT. Line-of-business experts, citizen developers and others outside IT help spur digital innovation, as does the use of cloud services. So instead, companies should, in the words of Gartner, “find a way to track shadow IT, and create a culture of acceptance and protection versus detection and punishment.” 

Alpha Software can help. Alpha TransForm technology can help IT lock down mobile forms without slowing down the business. And it can integrate apps created by business users into the existing databases and workflows IT organizations have already invested in and secured. Alpha TransForm also provides a method for business users to develop new, secure business apps in minutes -- with higher performance, faster UIs for end users, and richer data capture capabilities (offline operation, data lookup and validation, large data storage, GPS, audio/image capture and more).

For details about how to secure your business apps and keep your security and data policies in place, connect with Alpha Software.


Prev Post Image
Tips for Speeding Up the Mobile App Development Process
Next Post Image
5 Mobile App Design Trends for Business Innovation

About Author

Amy Groden-Morrison
Amy Groden-Morrison

Amy Groden-Morrison has served more than 15 years in marketing communications leadership roles at companies such as TIBCO Software, RSA Security and Ziff-Davis. Most recently she was responsible for developing marketing programs that helped achieve 30%+ annual growth rate for analytics products at a $1Bil, NASDAQ-listed business integration Software Company. Her past accomplishments include establishing the first co-branded technology program with CNN, launching an events company on the NYSE, rebranding a NASDAQ-listed company amid a crisis, and positioning and marketing a Boston-area startup for successful acquisition. Amy currently serves as a Healthbox Accelerator Program Mentor, Marketing Committee Lead for the MIT Enterprise Forum of Cambridge Launch Smart Clinics, and on the organizing team for Boston TechJam. She holds an MBA from Northeastern University.

Related Posts
The Abbreviated Guide to The Digital Data Chain
The Abbreviated Guide to The Digital Data Chain
The Data Dilemma: Why Manual Collection Stalls Manufacturers
The Data Dilemma: Why Manual Collection Stalls Manufacturers
Alpha Software called upon to support Trans-Atlantic Challenge
Alpha Software called upon to support Trans-Atlantic Challenge

The Alpha platform is the only unified mobile and web app development and deployment environment with distinct “no-code” and “low-code” components. Using the Alpha TransForm no-code product, business users and developers can take full advantage of all the capabilities of the smartphone to turn any form into a mobile app in minutes, and power users can add advanced app functionality with Alpha TransForm's built-in programming language. IT developers can use the Alpha Anywhere low-code environment to develop complex web or mobile business apps from scratch, integrate data with existing systems of record and workflows (including data collected via Alpha TransForm), and add additional security or authentication requirements to protect corporate data.