IT leaders are bombarded with marketing messages regarding security and Shadow IT. All those messages blend together into white noise at some point. Then one day, you get an email that stands out from the rest:  A friend, who’s also a client, forwards you a marketing email from one of your former employees. Turns out, that former employee left with all your account information and is leveraging it for their startup. And this is just the tip of the iceberg. Shadow IT rears its ugly head and damage control ensues.

It’s all about the risk
2015 was the year when Shadow IT was in the spotlight. The noise about the risks Shadow IT poses has grown louder. As cloud app use surged and employees’ attitudes towards network security diminished further, IT leaders have watched risks mount, and in some cases, the worst occurred. Business data has been hidden, lost and potentially used for malicious intent. Turning a blind eye means you’ll have a black eye before too long.

You’re aware of Shadow IT. Now what?
Understanding the scale of risk Shadow IT poses enables smart business decisions. You’ll need Cloud Access Monitoring to see how many apps are being used. Most IT leaders guess that it’s around 15. After regular monitoring, the reality is normally greater than 700! Seriously. Knowing the apps employees use is nice, but knowing who is using the apps and how they are using them is critical. Then it should be fairly easy to identify the people who are misusing company data.

Not all cloud apps will grow up
We expect the biggest service providers for business to have their own administrative security panel setup for monitoring and policy enforcement before the end of 2016. The problem is that this is a huge undertaking for each cloud app provider. Those Sanctioned apps that you know about are rarely the problem. It’s the unknown “Rogue” apps that pose the biggest risks. Of the 700+ cloud apps that employees use, the vast majority will still cause Shadow IT risks.

Know Shadow IT’s risks in 2016
If there’s one thing that IT leaders must know about Shadow IT in 2016, it’s an accurate assessment of its risk. Cloud Access Monitor is easy to implement and affordable enough for most SMBs. Firewalls can’t do it and most cloud apps don’t have the controls in place to make it easy, so you need a specialized solution for continual monitoring. That way, if the worst happens, you’ll be able to say you’ve been monitoring the situation, rather than to say you had no idea. After all, knowledge is power.