Shadow IT may sound sinister, but it is actually an occurrence that is rather common and affects the majority of today’s organisations, whether they realise it or not. It refers to IT devices, software or services that are acquired and managed outside of the knowledge or control of the IT department.
Why is that a problem? Since shadow IT lies outside the jurisdiction of an organisation’s IT purview, the practice commonly deviates from the “official” corporate requirements for control, documentation, security, reliability or compliance. As such, it introduces new business and security risks to the organisation.
To find out more about ways enterprises can mitigate the shadow IT problem, CSA interviewed KT Ong, Country Manager, Malaysia, Dell Technologies
Cyber Security Asean: What is your opinion on shadow IT? Is it good or bad for business?
The consumerisation of IT and cloud computing has expanded the meaning of shadow IT to include personal technology that employees may use at work and cloud services that is supported by a third-party provider, instead of corporate IT. As organisations are pressed to consider a more agile, flexible approach to work – more so in the current climate where working remotely (from home or otherwise) is the new norm – some may see shadow IT as the natural “evolution” of how enterprise will consume technology.
In a post-pandemic world, the idea of a permanent remote workforce is not only possible but could very well be the reality. In a survey by PwC, almost half of respondents (48%) in Malaysia are considering making remote work a permanent option. This requires organisations to evolve their lifecycle management strategy and virtual desktop infrastructure capabilities so employees have the right mix of technology, remote work experience and – crucially – security, that will allow for unhindered productivity and drive innovation.
While there are obvious benefits to shadow IT, it also poses additional, unknown risks that the IT department may be exposed to. The key is finding the right balance between democratising IT and minimising the security risks of doing so.
Cyber Security Asean: What are some of the risks that shadow IT can introduce to companies? How would these affect IT operations in the long run?
We are now in what Dell Technologies calls the data decade, where the key to business success is securing data – the most valuable asset an organisation could have. Today, data is no longer meant to support the business – it is the business. Whether it is analysing data to avoid previous pitfalls, predict profitable future trends, or to improve the current level of service/quality, data is the lifeblood of the business. What shadow IT will do, without a proper plan in place, is exacerbate the risks of losing data. And there is a multiplier effect – once compromised, IT departments not only have to scramble to plug the security gaps and recover lost data, they must continue to simultaneously manage other unaffected users.
Take a very simple example: for an organisation with lax control in its device lifecycle management, it is not uncommon for employees to download and install unverified software on their personal devices – where their work files also reside – that could expose an organisation’s data to hackers. Then there are the different operating systems and environments that run on the various personal smartphones, tablets and PCs, and the differing levels of security on each. To top it off, imagine if it is an organisation that is a modest 50-person strong. A single security breach can have a devastating domino effect on the business.
In the Dell Technologies Global Data Protection Index 2020 Snapshot (GDPI 2020), 70% of respondents in the Asia Pacific & Japan (APJ) region – and this was before COVID-19 hit – said that they fear their organisation will experience a disruptive event in the next 12 months. Those fears have come true – businesses must seriously consider or invest in technologies that will help them get a better grip on shadow IT.
Cyber Security Asean: With the growing implementation of work-from-home policies and with more employees using their own devices, how do you think this will affect the use of shadow IT within companies?
The workplace as we know it has changed – the idea of future workstyles where employees demand the flexibility to work, collaborate and innovate anytime, anywhere and in any way they want, is already here. At Dell Technologies, we believe that work is not anchored to a specific place or time, but is instead focused on outcomes.
The pandemic has left IT departments reeling and playing catchup as they struggle having to pivot and find a quick, effective answer – almost overnight – to enable a remote workforce. That means transformative initiatives, when it comes to employee experience, take a backseat as IT spends the majority of its time caught up in run-the-business tasks like PC deployment, help desk requests, and monitoring and troubleshooting. And as employees’ needs and desires change, and corporate IT allows more devices – and a greater diversity of them – into their environment, shadow IT will only become more prevalent. That may not necessarily be a bad thing – but only with the right controls in place.
And make no mistake – a motivated and inspired workforce cannot be underestimated when it comes to determining a business’ trajectory. An environment where employees have access to the latest devices to help them be productive, wherever and whenever they are, is crucial to attract new talent and keep current employees engaged, productive and secure with devices personalised for their needs.
Cyber Security Asean: What would you advise companies to mitigate their shadow IT?
Balancing employee experience while managing IT time and effort is a double-edged sword. The no.1 challenge for IT is getting technology to work easily, quickly and seamlessly with minimum effort, frustration and downtime for the end-users, so unsurprisingly, IT spends an inordinate amount of time at the helpdesk, monitoring systems and troubleshooting issues.
What IT departments really need is an end-to-end solution that simplifies management of the entire lifecycle of devices – freeing up their time to do more strategic work while minimising employee friction with technology. In our research and from speaking with customers to better understand IT’s biggest challenges and how to solve them:
89% want a partner with knowledge and expertise
77% of respondents want a partner who can help them free up internal IT resources
48% want a partner with the ability to scale deployment on demand
When searching for the right technology partner, look for one with a comprehensive solution that will give employees a frustration-free, ready-to-work experience, while enabling IT with automated, open and intelligent solutions for unified management. The solution should equip IT admins with device selection, deployment, security, management and support through flexible, scalable services and solutions that integrate with any user environment, regardless of OS, device and cloud environment.
Cyber Security Asean: How does your organisation help businesses resolve their shadow IT problems?
Dell Technologies Unified Workspace is a one-stop-shop platform that is perfectly tailored to address the uncertainties with shadow IT. What makes it particularly unique is that it integrates solutions across Dell devices and services, VMware and Secureworks, providing a unified solution rooted in intelligence and insights based on telemetry. The platform streamlines process and provides automation and visibility across the entire endpoint environment, minimising non-value-add work.
Consider these five key areas that IT needs to take note of and how Dell Technologies Unified Workspace addresses each:
By integrating factory and cloud, we provision applications with Unified Workspace endpoint management solution in the factory. Systems are then shipped directly to employees, anywhere, everywhere so they can hit the ground running, and IT can focus on what’s next.
Trusted devices, trusted access and trusted data enable employees to work anywhere, anytime without compromising their productivity. With Unified Workspace, collaborations are protected with zero-trust security; trusted devices have security built-in, and (for PCs) safe solutions protect above and below the BIOS.
Unified Endpoint Management (UEM) is becoming essential with so many employees needing to work from anywhere, and with Dell Technologies Unified Workspace, IT will be able to manage all devices from the cloud through one simplified console. The Unified Workspace endpoint management solution helps IT secure and control its entire IT environment and all endpoints within the network regardless of OS, including smartphones and tablets. The apps and data on these devices will be protected with multi-layer security features for encryption and device controls to prevent unauthorised access and modifications.
Dell Technologies Support Services are built on a foundation of artificial intelligence (AI), machine learning and data analytics. With Dell ProSupport for PCs, IT can take advantage of telemetry-driven insights to stay informed, maintain control and remotely resolve PC issues on one or many devices. Employees get to focus on their work by getting support that stays out of their way.
Intelligent PCs with built-in AI with cutting-edge innovations like ExpressResponse, Intelligent Audio and ExpressSign-in mean employees can work the way they want, wherever they want. Unified Workspace is now implemented across Dell Latitude, Precision and OptiPlex commercial PCs.
For views and opinions from other subject matter experts concerning shadow IT such as Albert Chai, Managing Director of Cisco Malaysia, Stephan Neumeier, Managing Director for Asia Pacific at Kaspersky, Jonathan Tan, Managing Director Asia at McAfee and Anne Hardy, Chief Information Security Office, Talend, click here to download the September issue of our Special Focus.