Article | November 14, 2018

Managing The Risks Of Shadow IT

Source: IT Glue
You can’t securely manage what you don’t know exists. It’s the nature of shadow IT that you’re probably unaware of the extent to which your clients rely on unauthorized apps, devices or other technologies. Yet it’s this gap between the technology you audit and approve and the tech you likely don’t know about that creates a dangerous opening for cyber attacks.

Think about what your clients expect of you. It’s no longer simply to keep their technology up and running but also to consistently protect their security. These expectations don’t change regardless of the number of unauthorized apps and other cloud services your client is using. The problem, of course, is that your clients likely don’t realize how their use of unauthorized apps, cloud services and devices creates vulnerability.

The risks of shadow IT

Shadow IT generally refers to the apps and other technologies that a business uses without the knowledge of its IT person, that being you. For example:

  • Using unauthorized personal devices to conduct business
  • Storing sensitive information in an unauthorized app
  • Using the free version of an app instead of paying for a version equipped with security parameters