Nowadays, many employees and professionals develop their own solutions for business processes. In most cases, information technology systems are installed or integrated on their own without being officially controlled and approved by the IT department. Both individual employees and entire departments can use so-called shadow IT. IT systems used secretly include software and hardware.
Examples of shadow IT include servers, PCs, user programs, or cloud services that are specially procured by employees. Individual departments use shadow IT primarily when central IT is too slow and inflexible and then simply fall back on their installations. According to a survey by Censuswide*, shadow IT has increased significantly in recent years. In this context, more than 50% of respondents stated that applications are used in their company of which the IT department does not know. The main reason for this increase is that companies have access to more and more software, especially cloud services, which can be used quickly and effectively by employees without IT knowledge. Even if the use of modern hardware and software in the company is rejected, employees are happy to resort to the simple means of shadow IT.
However, many are unaware of the dangers associated with using shadow IT. From lack of access to compliance issues (e.g., when employees store internal company data in their personal cloud accounts) to data loss, shadow IT poses enormous risks to a company. License compliance issues also play a major role. Usually, companies have a list of software that employees are allowed to install on their computers – in the form of software distribution. If employees now download and install shadow IT on their own in the form of other programs, there is a high probability that licenses will be unknowingly violated. In the worst case, this reflects on the company! Proprietary solutions used by individual departments that are not controlled and managed by central IT can put the entire department at risk – especially when an audit is due.
The biggest risk, however, is the security risk to the entire IT infrastructure, like shadow IT is not covered by security measures such as an organization’s known and supported devices and applications. Attacks from outside the enterprise can occur via unauthorized shadow IT without the central IT department knowing about it!
This is where an IT asset management system can help because IT cannot protect what it does not know! Therefore, a complete and accurate list, of all components of the IT infrastructure is one of the most important requirements. JDisc Discovery’s ITAM solution scans all assets for deployed software and all devices in the IT infrastructure are detected. This includes existing shadow IT instances. After the scan, a detailed listing and control of deployed IT can be performed, and security gaps caused by shadow IT can be eliminated. JDisc Discovery also offers benefits as a permanent measure, as it cannot stop at a one-time survey of shadow IT instances. Permanently, Discovery should be considered so that the IT department can monitor the deployed software and identify security gaps at any time.