Operational Resilience And Shadow IT
Discover the impact of Operational Resilience on the Shadow IT applications in your business.
The term Shadow IT is one we often use when talking to our clients, as it neatly sums up the space in which End User Computing Applications, including spreadsheets, sit within an organization. However, I thought it would be worth explaining exactly what Shadow IT is, and the risks and challenges associated with it.
Shadow IT encompasses applications, systems, devices and services used without the direct approval or management of an IT department. Often these applications integrate with, and work alongside, Enterprise IT systems (SAP, IBM OpenPages etc) to manage the day-to-day business processes organizations rely on.
Many businesses will have found that their Shadow IT estate has increased rapidly in recent years, with the rise of cloud computing and the use of collaboration systems such as Google Docs, Office 365, Slack and Dropbox. The use of BYOD policies has also contributed to the increase in Shadow IT with IT teams unable to truly control employee’s use of devices and the software installed on them.
While Shadow IT applications can often improve user’s productivity & efficiency, the risks associated with these tools is often overlooked.
Without any visibility or controls, Shadow IT applications present a headache for the IT & Risk departments responsible for ensuring data security and regulatory compliance across a business. Gartner estimates that by 2020, one-third of successful attacks experienced by enterprises will be on data located in Shadow IT resources, meaning the pressure is on to ensure that they are used in a controlled and safe way.
IT needs shift from trying to control the shadows to enabling safe shadow. Educate on the risks and hold lob management accountable
— Jon Leighton (@jonleighton88) July 24, 2017
If businesses are to enable their end users to use Shadow IT safely, they must take into account its numerous risks:
Regulators are starting to take note of these risks posed by Shadow IT; the PRA & FCA issued a discussion paper outlining their approach to Operational Resilience in the UK Financial Services sector. Amongst other things, this paper covers the need for financial institutions to ensure the confidentiality of data, which effectively brings Shadow IT applications, such as spreadsheets, under regulatory scrutiny.
See our whitepaper for more information on Operational Resilience, Shadow IT and how to prepare your business to mitigate the risks.Download The Whitepaper