Recently, ARS Technica published a scathing article, “Clinton’s e-mail scandal another case of the entitled executive syndrome,” which focuses on Shadow IT as a matter of fact:
“Often, people use Shadow IT at work because of a lack of official IT resources to support a need. But they also use Shadow IT for personal convenience—especially the personal convenience of executives and managers who want what they want and will twist the arm of someone in IT to support it whether it’s within policy or not (or find someone else to do it for them and then tell IT they have to support it).”
The irony in this case and in others like it is that the people who extol the importance of digital security are often the ones who expect the most exceptions. We all understand why it’s important for everyone in an organization to err on the safer, more secure side of the road when it comes to digital workflows. There is data supporting how company insiders put information at risk:
- 56% of respondents said that the primary cause of data breaches experienced by companies in this study was the careless employee.
- In contrast, only 22% of respondents say external attackers or malicious/criminal insiders caused the breach.
But when it comes to our own behavior, we tend to prioritize ease of use and productivity and downplay the risks. Employees, execs, and IT pros all have one thing in common: when it comes to Shadow IT, everyone else is the problem. I should know since I’m guilty of it myself!
Here at ManagedMethods, we use a variety of sanctioned cloud apps, including Salesforce, which I use on a daily basis. However, I must admit that I also use a couple of unsanctioned cloud apps:
- Evernote to take quick notes during calls and create to-do lists
- Google Apps to collaborate with my team
Both these apps are free, easy to use and increase my productivity. My use of these apps is the very definition of Shadow IT!
But since we are a cloud security company, we practice what we preach: our IT team is able to monitor and control cloud app use, even unsanctioned apps, using the ManagedMethods platform. So they know I’m using Salesforce, Evernote, and Google Workspace, and even what type of data I’m sharing with those apps. That visibility and control is key to maintaining that delicate balance between risk and productivity.