Shadow IT: Remote Working Challenges

06 June, 2023, by Rachel Swann

In the age of COVID-19, remote working is more common than ever before, with many workers choosing not to return fully to office work. While this is great news for workers, who get more flexibility in their work, this can pose as a serious problem for the IT department in the form of 'shadow' IT.

Shadow IT occurs no matter where people are working. It’s basically when workers use apps or services that aren’t approved by the IT Department. This might get the job done at the time, but it can cause more problems down the line. Hardware, software, cloud services, applications: all of these can compromise sensitive data if they’re not approved.

With the rise of remote working, it’s harder to enforce the policies which keep shadow IT at bay. When you’re in the workplace you can see which pieces of hardware people are using, what sites they’re accessing, and whether they’re using the right software. Frustrated workers might find it harder to communicate with the IT department, not only because of remote communication, but also because remote working poses unique issues that might take longer to fix.

Workers may feel more autonomous due to working from home and if not provided with adequate resources or timely access to those resources required to achieve their goals, they may just turn to their own unapproved solutions. Whether they use their personal devices, opening up vulnerabilities, or whether they put sensitive company data into their own cloud storage, there’s dozens of ways your employees might be putting their, and your security at risk.

So how do you reduce the risk of the use of shadow IT in your organisation?

• Establish clear policies and guidelines for the use of technology solutions. Consider using tools that block or flag downloads or installs. You don’t want your employees going to an unsecure website and downloading a virus, because they thought they were downloading a solution to their problems.
• Crucially, employees must be provided with the resources and tools they’ll need to work remotely, and these may be different from what's required in the office. Making sure your employees have the right hardware, correctly configured is crucial for your long-term risk management. Personal devices can be slower and are almost always less secure, causing further issues. Hardware requirements should be regularly reviewed and employees should be encouraged to flag their needs as soon as possible.
• Possibly (and ironically) the greatest risk often comes from your most senior stakeholders. They are almost always issued with mobile devices and will often be required to engage whilst travelling or sometimes out of hours in an emergency. All of this increases the potential for them to resort to shadow IT if their standard equipment is perceived as inadequate. It is worth engaging with them to work out any special requirements to ensure that their equipment and its use remain under organisational control.
• Along with this, ensuring that your IT department monitors and assesses your security risks, will reduce your exposure to cyber threats. Increasing the ability of your IT department to take back control of any IT usage.

Ultimately Shadow IT occurs because employees are not having their needs met. If you keep communicating and working on solutions to each new issue, then you lower the risk of frustrated workers losing faith in your IT department and using their own equipment instead.