With IT department resources and budgets stretched thin, employees are taking IT matters into their own hands. Even though these employees aren’t expected to be technical experts, they have the de facto responsibility to uphold IT security. The people tasked with upholding security are mostly unaware of the risks, or not concerned enough about the risks to change their habits.
The SMB Shadow IT Problem
Shadow IT looks different in SMBs than in large enterprises. The problem for SMBs isn’t the unauthorized use of cloud apps. This would imply that employees are breaking the rules and subverting their IT departments when they use cloud apps. Instead, Shadow IT in SMBs is more likely to be the result of a complete absence of authorization and control processes for cloud apps.
There are tens of thousands of cloud apps available on the market today, and each business averages the use of more than 700 cloud apps. Security experts estimate that less than 10% of these apps meet enterprise data, security and legal requirements, so most cloud apps represent a completely ignored threat vector for businesses. As a result, the problem of Shadow IT is growing for SMBs much more than in their enterprise counterparts.
Common Cloud Security Threats
The worst offenders are single use cloud apps such as free file conversion tools and file storage and sharing tools. When people need to convert JPGs into PDFs or send a large file to someone in the field, they upload potentially sensitive data into untrustworthy cloud apps. Fingers crossed this data is never viewed or stolen. In the best case scenario, an SMB is just incompliant.
Instead of crossing your fingers and hoping for the best, here’s what SMBs should do:
- Make Shadow IT a priority – Start with Visibility
- Engage with employees about their technical needs and wants
- Make sure IT is keeping pace with employees needs
- Allow for cloud app experimentation and innovation with non-sensitive data
- Clearly communicate the risks of Shadow IT and security priorities
- Create guidelines and processes for cloud app use
- Provide standardized cloud apps to streamline use
- Consistently re-evaluate cloud app use
The hardest part is the first step – making Shadow IT a priority. That first step adds another “to-do” to an organization’s already long checklist. Once the ball is rolling, addressing Shadow IT isn’t very hard or time-consuming. Most SMBs can get by through just passively monitoring cloud use and taking corrective measures when necessary. So when is your company going to take that first crucial step?
