Shadow IT: The Threat Is in Your Office

By the DynaSis Team

You may have seen the term “shadow IT” in the news and wondered what it means. Maybe you assume it refers to underground technology groups—shady characters doing bad deeds in dark corners. In reality, shadow IT is much closer to home.

The term refers to unsanctioned technology-based activities that take place within organizations, undetected. It first arose to describe unauthorized solution building, such as tweaking a server to run faster, or setting up an unapproved Wi-Fi access point. However, unapproved (and often prohibited) IT activities have become so commonplace that the term can now encompass a variety of behaviors:

• Using unauthorized cloud services or applications to access, create and/or store corporate data
• Accessing the network on prohibited (e.g. open, unsecured) networks
• Allowing unsanctioned individuals to use corporate devices
• “Jailbreaking” corporate phones—making modifications not supported by the manufacturer—to make them run faster; to run unapproved applications; to support customized themes and icons.

Modifying a server requires a fairly high level of technical expertise, so it is not one of the more common shadow IT activities. Consequently, even though tweaking a server, network or other system is unacceptable—and can be dangerous if the effort compromises corporate defenses—this type of activity is not the greatest threat for the average SMB.

Surveys show that employees at all levels—even the executive who metes out punishment when others engage in prohibited behaviors—will “hop” on an unsecured network in a pinch or loan a phone to a friend (or even a stranger) for “just one call.” And, with technology “tips” websites and magazines running articles with titles like “Five excellent reasons to jailbreak your iPhone,” it’s no wonder tech savvy personnel are tempted to explore this customization trick.

The stark truth is that it only takes one minute, one call, or one infected download to wreak havoc on the corporate network, its assets and potentially its reputation and profitability. SMBs must implement strong defenses that ensure personnel cannot engage in risky IT behaviors undetected. They also must rigorously train staff about the dangers—and consequences—of such actions.

These solutions are part of the multi-layered security strategy that DynaSis and other leading security experts promote. We’ll tell you more about it in an upcoming blog. For now, stay safe and remind your employees of their obligation to make responsible decisions where technology is concerned.

About DynaSis

DynaSis is an Atlanta IT services and cloud computing provider for small and midsized businesses. All of our solutions focus on helping companies achieve the three fundamental IT necessities of the modern business—availability, security and mobility. We specialize in on-demand and on-premises managed IT services, managed cloud infrastructure, desktops and backups, and professional hardware and equipment installation. For more information about DynaSis’ IT support and services, visit www.dynasis.com.