12:32 PM
Connect Directly
Repost This

Shadow IT Reality Check: Survey Shows IT Pros Are The Worst Offenders

When it comes to unauthorized SaaS applications, IT professionals are some of the most prolific users, according to a recent survey.

Anyone who has worked in IT for any amount of time probably has a few guilty secrets about their own rogue IT activities. Shadow IT -- that is, using SaaS applications that have not received the blessing of the IT department or were not obtained in ways that are strictly above board when it comes to IT procedures and policies -- is everywhere, whether CIOs want to admit it or not.

In a recent survey by Frost & Sullivan's Stratecast group, more than 80% of respondents admitted to using non-approved SaaS applications as part of their day-to-day business activities. In fact, only 17% of IT employees are toeing the line when it comes to limiting their technology to corporate-sanctioned products. The survey, sponsored by McAfee, polled 600 IT and line of business employees in the U.S., UK, Australia and New Zealand.

Authored by Frost & Sullivan’s cloud computing program director, Lynda Stadtmueller, the study revealed that IT professionals themselves are by far the worst offenders when it comes to using unauthorized services. What’s more surprising is that IT holds itself above its own policies.

An incredible 91% of IT departments are currently using at least one unapproved SaaS app as part of standard procedure, and 25% are using six or more unauthorized apps. What’s more, about a fifth of individual IT users (19%) are also personally opting to break the rules in embracing a half dozen or more SaaS apps that aren’t sanctioned by the IT department, either officially or unofficially.

Why is IT breaking the very rules that it sets for the rest of the company?

“An IT person may feel more confident in their abilities. It’s very much an attitude of ‘It’s okay for me ... don’t you do it’,” Stadtmueller said in an interview this week. “In reality, that’s probably not true, especially when you have multiple IT people, each with their own specialties, each doing their own thing. It can be pretty risky.”

When it comes to corporate security, CIOs are right to be concerned about shadow IT. After all, not only does unauthorized software open the network up to malware and Trojans -- about 15% of all survey respondents either experienced or perceived a security “incident” -- but the logistics of managing versions and installed licenses can be a nightmare. Then there’s the potential for loss of secure information and risk of compliance -- an ugly situation no matter how you look at it.

[Read how startup Netskope aims to help companies control rogue use of cloud applications by employees in "Cloud Service Reins In Shadow IT."]

However, the prevalence of shadow IT speaks to a larger issue within the corporate culture. Employees turn to rogue IT solutions not for malicious or lazy reasons. In fact, the same survey respondents who were deploying unauthorized SaaS apps said that they had “high concern” for putting the company’s data at risk.

Quite simply, they turn to unauthorized SaaS apps because they just want to get their jobs done. “We saw no evidence that anyone didn’t care about the security risks or the welfare of the company,” Stadtmueller said. “Both IT and the LoB employees appeared to feel that their decisions were justified, that they were bringing greater value to the company. They’re thinking, ‘I got to do my job, I have to do it fast and I’m confident that the benefits will outweigh the risks.’”

A CIO’s first instinct is to simply lock down the network. That’s exactly the wrong response, according to Stadtmueller.

“The right answer isn’t to crack down. The answer is to find a security solution -- and the good thing about technology is that the answer exists somewhere -- that is broad enough to give employees the freedom that they really want,” Stadtmueller advised.

“Let them choose the software they really want within the right parameters," she said.

Wendy Schuchart is a technology journalist with more than a decade experience in enterprise IT. Most recently, Schuchart was the senior site editor of TechTarget's CIO Media Group. She has also served as section editor for UBM's Network Computing and Secure Enterprise. ... View Full Bio

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Apprentice
4/18/2014 | 4:31:19 PM
re: Shadow IT Reality Check: Survey Shows IT Pros Are The Worst Offenders
The current IT providers internally are not able to keep up with the requests of the needs of the individual needs. Many planners are still in the days of the cookie cutter approaches. Just need a template and get all to follow. These days workers are more demanding and with the frantic pace, there is a pressure to have quicker turnaround, unknowingly thread across the grey area of looking for alternatives. Current strategy such BYOD are a means of a stop gap approach where individual is allowed of choice and still being managed by the company.

Education is still key aspect on the risk that one might be exposed to any form of compromised and this has to be something that needs to be constantly reminded.
User Rank: Apprentice
1/16/2014 | 5:16:49 PM
re: Shadow IT Reality Check: Survey Shows IT Pros Are The Worst Offenders
Useful detail on this survey... for me the key point is the motivation of the people (in IT and elsewhere) to do the right thing for the business leads to shadow IT ... the solution needs to leverage that positive motivation not block it ... SaaS needs to be integrated into corporate governance (not blocked or contained by IT governance)
User Rank: Apprentice
1/15/2014 | 10:26:01 PM
re: Shadow IT Reality Check: Survey Shows IT Pros Are The Worst Offenders
One way to help tackle the problem might be to provide services such as secure file sharing so employees can work on their mobile devices without putting corporate data at risk.
Hot Topics
IT Certification Exam Success In 4 Steps
Amy Arnold, CCNP/DP/Voice,  4/22/2014
Edge Devices Are The Brains Of The Network
Orhan Ergun, Network Architect,  4/23/2014
Heartbleed Flaw Exploited In VPN Attack
Mathew J. Schwartz 4/21/2014
White Papers
Register for Network Computing Newsletters
Current Issue
2014 Private Cloud Survey
2014 Private Cloud Survey
Respondents are on a roll: 53% brought their private clouds from concept to production in less than one year, and 60% ­extend their clouds across multiple datacenters. But expertise is scarce, with 51% saying acquiring skilled employees is a roadblock.
Twitter Feed