Why Shadow IT Prevails for UK SMEs - Image by Gerd Altmann from PixabayFuelled by hybrid working models, easy access to cloud services, and the evolution of AI, shadow IT continues to be a pressing issue for UK organisations. Today, business users demand access anywhere at any time using multiple devices, while they expect their confidentiality, integrity, and availability to be preserved as if they were in the office.

For those less familiar, shadow IT is the unsanctioned use of an unapproved tool to access, store or share corporate data. It can also occur when an employee accesses an approved tool in an unauthorised way. To compound the issue, the recent explosive popularity of generative AI applications like ChatGPT has led to an additional rise in ‘shadow AI’, which is the unsanctioned use of artificial intelligence.

Employees adopt shadow IT for their convenience and productivity. Often, they feel they can work more efficiently or effectively using their personal devices and preferred software, instead of the company’s sanctioned IT resources. However, with resource-stretched IT departments, skills shortages, and increased costs, it’s not always easy for IT teams to quickly onboard new solutions, leading to increased shadow IT usage.

Nonetheless, blocking access to applications and tools isn’t the answer. Often, this only encourages employees to adopt more shadow IT using unauthorised, insecure solutions and devices.

The impact of shadow IT on data security

Our Q3 2024 SME IT Trends report revealed that SMEs are very concerned about the impact of shadow IT on data security. Shadow IT enlarges attack surfaces. With IT admins understandably hungry to gain greater control and visibility over their IT environment, Shadow IT makes this harder, if not seemingly impossible. Eighty-five per cent of UK respondents surveyed said they are concerned about applications or resources managed outside of IT, with a third “very concerned”.

Furthermore, over a third of respondents say that they have more important priorities than addressing shadow IT, with 28% admitting that business users move too fast. Unfortunately, almost one-third (31%) of IT admins surveyed said they don’t have the ability, the skills, or the resources to discover all unauthorised applications.

Employees just want to get the job done

Shadow IT continues to be a problem because employees feel the pressure to move faster than IT departments can cope with. But shadow IT is less nefarious than once thought. It’s not about being defiant or obstructive. Most of the time, employees just want to get work done better and faster.

In today’s highly competitive landscape, employees and business leaders need technology that will enable them to meet KPIs, achieve sales goals, and address customer demands. As a result, they lean on unapproved software solutions that they prefer to use for their everyday tasks.

The stark reality of shadow IT is that it demands extensive funds from businesses which extend to:

  • Out of control IT Spending
  • Duplicate licenses
  • Security breaches and data security vulnerabilities

Ignoring IT protocol can lead to excessive waste as well as increased risk, other costs, and:

  • Lack of adoption of corporate (paid for solutions)
  • Training costs
  • Lack of integration and automation between systems
  • Siloed data
  • Lack of collaboration between teams/departments

Our survey found that UK SMEs are being targeted by bad actors, with 44% saying they’ve been a victim of a cybersecurity attack. Nearly two-thirds (60%) of UK SMEs claim they have had multiple attacks in 2024. Phishing was cited as the main source of these attacks, closely followed by shadow IT. Nearly half claimed they lacked the resources to protect against such attacks.

Do the limited benefits outweigh the risks and weaknesses it creates in the organisation? There are very few benefits to shadow IT. Despite growing concerns and the need to tighten up the adoption of unauthorised technology, shadow IT is still prevalent, with drawbacks clear:

  • Data is being stored in locations that the business does not know about.
  • Applications are being used that haven’t been vetted for security, privacy, and compliance.
  • Data can be lost or stolen more easily.
  • The risks of downloading malicious applications are high.
  • Because there is no internal IT support, the risks of mistakes and errors that lead to data loss are significantly higher.

Growing complexity compounds shadow IT

Without a doubt, the IT landscape is becoming more complex. UK respondents in our survey said that the number of tools used to manage the employee lifecycle was continuing to increase. Our research indicated that 46% of UK SMEs are managing anywhere between 5 to 10 tools, a 14% increase from our last report.

This means that resource-stretched IT teams are struggling to manage authorised tools, let alone unauthorised tools. The vast majority (81%) felt that a single centralised solution for identity, access, and security versus many-point solutions would be extremely beneficial.

Looking ahead, Gartner predicts that by 2027, 75% of employees will use technology outside of IT oversight. Therefore, what practical steps can IT departments adopt to combat shadow IT?

Managing shadow IT

They first need to understand where shadow IT already exists in their organisation. This will not only help to guard against it, but it can indicate where the organisation could improve its processes, technology, or employee experience. Employee surveys are a great place to start identifying shadow IT and improving technology to maintain organisational alignment with best practices.

It might sound obvious, but it is important to provide easy access to the resources employees need, regardless of whether they’re office-based, hybrid, or fully remote. Other aspects to consider include:

  • Utilise operating systems that employees are comfortable with.
  • Mobile device management (MDM) tools that facilitate bring your own device (BYOD) or are platform-agnostic allow employees to work with the platforms they’re comfortable with.
  • Prioritise UX with user-friendly tools. For those less user-friendly tools, implement sufficient employee training.
  • Facilitate agility by providing compatible integrations. Get tools to work together rather than forcing employees to work in technology silos.
  • Streamline user account management, avoid password fatigue, and deliver a better employee experience with single sign-on (SSO). This requires employees to remember just one username and password combination.

Shadow IT is not going to disappear any time soon, so organisations should establish a strategy to manage and control it by supporting employees with authorised tools and processes that streamline and secure technology access.


JumpCloud® delivers a unified open directory platform that makes it easy to securely manage identities, devices, and access across your organization. With JumpCloud, IT teams and MSPs enable users to work securely from anywhere and manage their Windows, Apple, Linux, and Android devices from a single platform. JumpCloud is IT Simplified.

Learn more: https://www.jumpcloud.com/

Follow us: Blog | Community | Podcast | X (formerly Twitter) | LinkedIn | YouTube | Resources

 

Click here to get started with JumpCloud

 

LEAVE A REPLY

Please enter your comment!
Please enter your name here