Streamline your cloud experience and maximise your cloud investment with Microsoft Azure-aligned public cloud services.
Host all of your workloads in the most appropriate location while experiencing the simplicity of one cloud from Six Degrees.
Enhance your cyber security and safeguard your organisation with our cyber security strategy and advisory, consultancy, and managed services.
Connect your business through a comprehensive connectivity portfolio delivered via our owned and operated core Next Generation Network (NGN).
Secure your productivity on any device, anywhere, any time.
Streamline your hosting with comprehensive colocation services delivered from three UK data centres.
Gain clarity and control of your 5G estate, ensuring ongoing cost efficiencies are managed on your behalf through our managed service.
Gain confidence in your cloud direction and achieve accelerated time to value through our assured and optimised cloud services.
Master today’s complex threat landscape and protect your business with our intelligence-led security services.
Videos and webinars are a great way to digest the latest technology insights.
Our eBooks and whitepapers provide in-depth insights from our experts.
Our thought leaders publish regular blogs on up-to-the-minute topics.
Learn all about the latest news from Six Degrees as we continue to evolve.
We host regular in-person and virtual events for our clients.
Discover how Six Degrees has driven success for others.
Learn how we enable our clients to achieve more; providing superior secure solutions, powered by our passionate people.
We are proud to partner with many of the world’s leading vendors, enabling you to leverage our continual investment in difference-making technology.
Learn how CNS at Six Degrees delivers intelligence-led security services that protect organisations in today’s hostile landscape.
We are committed to operating in an environmentally and socially conscious way. Learn more about our commitments as a business.
We are proud of our secure cloud credentials. Learn why we’re one of the most highly accredited providers in the UK.
We are a friendly and passionate bunch here. Whether you want to work with us or for us, we think you’ll enjoy the Six Degrees experience.
Home » Blogs » Do You Have a Shadow IT Problem?
80% of modern workers admit to implementing some form of shadow IT, a figure that has drastically increased as organisations have adjusted to remote working, away from the oversight of IT departments. In fact, 67% of teams admit to implementing collaboration tools without IT approval, in large part as DIY solutions to the challenges imposed by remote working.
This rogue IT implementation leaves security wide open, and experts predict that shadow IT will soon be responsible for as many as one in three security breaches, especially as 83% of IT professionals report the storage of sensitive data in unsanctioned cloud-based applications. This will become an even greater problem as employees return to the workplace and bring shadow IT applications with them. For organisations using traditional perimeter-based security systems, bringing malicious applications behind the firewall is a disaster waiting to happen.
Before major in-house breaches can occur, organisations need to bring shadow IT out into the open by taking the time to understand what shadow IT is, the risks it poses, and what steps should be taken to mitigate these risks. Here, we’re going to look at these questions and try to provide some much-needed clarity around shadow IT. Let’s get started.
Suggested reading: For an in-depth guide on how to future-proof your cyber security strategy, check out — Planning For the Future of Cyber Security Today.
Shadow IT refers to any technology used within your organisation without the approval or oversight of existing IT departments. This might include cloud services, hardware or software that is employed by entire teams or individuals.
Cloud services like SaaS, and the ease with which they can be both implemented and shared across devices, have become especially prevalent within shadow IT, with IT departments knowing about a mere 108 of the 1,083 cloud services typically employed across an organisation. Other increasingly common forms of shadow IT include:
Shadow IT has existed for years but has experienced rapid growth due to BYOD (bring your own device) and cloud infrastructures. The overnight remote switch during 2020 only accelerated its popularity, with 51% of respondents to a recent survey stating that remote working has made it harder to control their IT infrastructures, a fact that led to as many as 26% noticing the unsanctioned download of software as a direct result of the shift away from office-based working.
There are many reasons for this, most of them well-intentioned but no less damaging as a result. The most common reasons for employing shadow IT include:
Even as employees return to the workplace, ongoing drives for flexible work and BYOD ensure that shadow IT isn’t going anywhere. It’s only by addressing this issue head-on that IT departments can again control the flow of information and the systems that enable it.
Suggested reading: If you want to read more about the cyber security threats posed by remote working, check out our blog — Has Remote Working Created a Massive Cyber Security Threat? And what to do about it
Regardless of the fact that shadow IT is often implemented with good intentions, risks are inevitable when data is stored in unmonitored applications and software. The most prevalent shadow IT security risks include:
Responding to these threats largely means understanding the whys and wherefores of shadow IT. A cyber security risk assessment is the first step towards this goal, shining a light on shadow IT that makes it possible to prioritise threat management, target security investments and develop a strategy that minimises the risks associated with shadow IT.
Most crucially, this level of oversight can provide the knowledge IT departments need to develop what’s known as ‘defence in depth,’ a cyber security strategy that layers defensive mechanisms to protect valuable data and information against even hidden risks. An effective layered response to shadow IT will typically cover key aspects of security, including:
Managed security providers can help to implement these layers of security, ensuring prevention rather than cure and keeping shadow IT outside of corporate networks. All the while, the increased understanding that this oversight brings puts IT departments in the best possible position to recognise why employees are using shadow IT, and the steps they can take to fill performance gaps that render it obsolete even as BYOD and flexible working patterns continue.
Suggested reading: Check out our blog — Four Ways Strategic Partners Improves Cyber Security.
IT departments can’t control what they can’t see, so as employees return to the office it’s imperative to bring shadow IT out into the open, ensuring that IT departments can remove legacy applications and hardware while recognising why employees are turning to shadow IT in the first place.
Managed IT service providers are best positioned to make this consolidation possible, providing the oversight and intelligence that’s previously been missing. With a range of flexible, on-demand services designed to help organisations get the most from their resources, our team here at Six Degrees are on hand to shake shadow IT out of its hiding place.
As working patterns continue to evolve, our approach to the cyber security journey can help you every step of the way, from assessment to optimisation. If you’re looking for a cyber security partner to help mitigate shadow IT problems, deliver returns on investment and drive positive outcomes, get in touch today.
Cyber security breaches have the potential to cause…
Microsoft 365 has enabled us to communicate, collaborate…
More information on our Privacy and Cookies Policy can be found here: https://www.6dg.co.uk/privacy-cookies/. You can update how we contact you in the future by visiting our Communications Preference Centre here: https://www.6dg.co.uk/preference-centre/.
