Dedicated employees often seek to achieve their goals and objectives through whatever means allows them to do so. Sometimes, this involves purchasing technology services that aren’t approved by your business. For example, when file sharing and synchronization services first came on the market, many employees turned to personal Dropbox accounts to sync work content between their business and personal devices. They did not do this with any malicious intent. On the contrary, they were trying to benefit the business by being more productive.
This situation, where individuals and groups seek out their own technology solutions, is a phenomenon known as shadow IT. Shadow IT poses a risk to your business because it puts sensitive information in the hands of vendors and accounts outside of your control and unknown to you. Shadow IT can cause data loss, if a user leaves the company and takes a personal account with important company data within it, or can leave your business open to unknown breaches, Dropbox has a breach and you think you aren’t affected because your business does not “officially” use Dropbox.
St. Aubin’s support specialists remain vigilant for shadow IT adoption and reminds users and managers the presence of shadow IT in your business means data is being stored over channels your business does not control, and there appear to be needs that are not being met.
There is an argument that shadow IT has benefits. One could argue shadow IT cannot be stopped 100%. Some statistics say that 97% of employees are more productive when allowed to use preferred technologies’ and 80% of companies should deploy technologies suggested by employees. However, documentation and deployment standards should be met on all utilized solutions.
Therefore, when the hallmarks of shadow IT are identified within your business, St. Aubin support specialists consult with the users to communicate the dangers of using technologies without proper documentation and to identify acceptable alternatives where business and user needs are met, documentation and security requirements are satisfied, and ensures all business data remains in control of your business.
This is even more important in industries that must meet compliance requirements such as HIPAA and PCI DSS.
We don’t do this service because we are looking for a resale potential for the money, we do this to maintain the CIA triad (confidentiality, integrity, availability) of your business data, giving your business data a path to success no matter what the future holds.