
MOVE OVER BRING YOUR OWN DEVICE – NOW WORKERS ARE PACKING THEIR OWN CLOUD AND APPS INTO THEIR VIRTUAL BRIEFCASE

Published by Gbaf News

Posted on August 1, 2014


· Last updated: November 1, 2023


The Rise of Shadow IT Products

 – Espion looks at the challenges for CIOs in the era of “Shadow IT products” –

Like it or not, today’s workers want to use their own devices, applications and software to be more productive at work. Who could blame them for wanting to take advantage of the time-saving, skill-boosting, collaboration-enhancing, process-streamlining (and more) apps and software that have flooded the market?

In many cases, these “Shadow IT products” (non-approved SaaS applications), are downloaded and adopted by employees without consulting their IT department.  The scale of this was highlighted last year when a Stratecast and Frost & Sullivan study found more than 80 per cent of survey respondents admit to using non-approved SaaS applications in their jobs.  In addition, the study found, the average company uses around 20 SaaS applications; of these, more than seven were non-approved.

This new frontier poses many challenges for CIOs, who are expected to deliver IT and enable people to work to their own personal expectations, in the way they use technology in the home (fast, wireless, connected 24/7), whilst trying to maintain security and compliance.

Navigating Complex IT Management Challenges

In an increasingly complex device, application and software landscape, just how can today’s CIO navigate the ever-evolving tasks of Application Management, Mobile Device Management and Enterprise Mobility Management?

Weighing Security Risks Against Rewards

The risks versus the rewards

Without doubt, apps and cloud solutions such as Basecamp, Salesforce, Dropbox and Google Apps are great for productivity and flexible working. However, organisations need to be highly cognisant of the information security risk some apps pose, particularly as consumers often ignore end-user licensing agreements (EULAs), enabling developers to collect and utilise private information to varying degrees.

According to application security company Veracode, 67 per cent of mobile applications can access, add or edit address book contacts.  This ability to read data from SIM cards and transmit it to unknown geo-locations could expose an organisation to data loss, improper transmission and storage of potentially sensitive corporate data.

Espion security consultant Shane Ryan explains: “The worst case scenario is that IT is unaware of cloud and mobile apps employees are using, which means they can’t control data access and management. Here a key concern should be corporate data access and data confidentiality issues.

“It’s important we learn from the BYOD frontier, where devices were accepted so quickly and extensively that before organisations knew it, vast numbers of employees were using their personal devices for work with little to no consideration of the security implications. As information security moves higher up the corporate agenda CIOs need to take a strategic risk-based approach to managing devices, applications and non-enterprise approved Shadow IT software.”

It is paramount that CIOs take heed of the growth in consumer market technologies within the enterprise and accept that this trend will continue to evolve. Organisations should plan for and address the security aspects of devices, apps and software.

When it comes to protecting your data’s confidentiality, integrity and availability, your resources as well as your reputation, here are ten things to consider.

Practical Strategies For Managing Shadow IT

Ten tips for tackling Shadow IT

 

  1. Monitor your network to keep track of what Shadow IT is lurking in your systems

By continuously scanning and monitoring your network you will be able to identify Shadow IT and keep track of what’s going on.

To identify the cloud services being used outside of IT’s scope you can process log data from your firewalls, proxies, SIEMs and Mobile Device Management products.

  2. Quantify the risks by knowing who has access to your corporate data

A key concern should be corporate data access and data confidentiality issues.

By identifying and understanding what data you are processing, transmitting and storing, you can classify data into categories such as confidential, internal organisational use only, public etc. This will help you ensure the right level of controls are used to protect the data.

 

  3. What’s the policy?

Consider having a ‘consumerisation policy’ that states what apps, software and devices can be used in the workplace, what part of the network they are allowed to access and what security procedures and protocols they must adhere to.

  4. Make use of ‘intelligence’ resources that are available to find out about these apps

Using App Risk Management and Policy

Currently there are exciting new trailblazing technologies that help enterprises determine the ‘trust’ level of apps with all-in-one App Risk Management services and global databases of analysed public and private apps.  Apps can then be blocked based on your risk appetite and enterprise policies.

  5. Communicate the risks to stakeholders

Explain to colleagues that when they deploy Shadow IT the configuring and managing process (applying patches, authentication and access controls as well as security testing) falls outside the organisation. That makes organisations and their reputation vulnerable.

Enforce the use of approved applications only which meet enterprise standards, and when necessary restrict network access to workers who fail to comply.

 

  6. Fear Free apps

While workers may think they are saving money by opting for free apps, these technologies generate revenue by sharing user data with third parties like ad networks, which impacts on overall app security and privacy. If you are not paying for the app, you and your company data are the product.

  7. Look for solutions to secure these apps and clouds

When it comes to controlling the extended enterprise, simply and securely, find a solution that can streamline wide-scale deployments by securing or restricting apps automatically.

 

  8. Don’t overlook licensing agreements

Shadow software and apps challenge software asset management compliance.  What would your organisation do if unapproved software spurred a compliance / regulatory audit with the risk of fines?

 

  9. Work with employees to tackle this issue

Aim to work with employees to tackle this issue and have a clear dialogue with business stakeholders about their business challenges and requirements.  IT should ultimately be enabling the business to work better and smarter at a known level of risk which is accepted by the business.

Remember to build awareness around the hazards of Shadow IT into your company-wide security awareness and training.

  10. Perform security testing regularly

Evaluate device security and usage of apps periodically.
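
The log processing described in tip 1, as an added example that is not part of the original article: it reads proxy log lines, drops traffic to sanctioned services and ranks the remaining destinations by users and outbound volume. The log format, the sample lines and the approved-domain list are constructed assumptions.

```python
from collections import defaultdict

# Assumed allow-list of sanctioned services (hypothetical policy).
APPROVED = {"salesforce.com", "corp.example"}

# Constructed sample lines: timestamp user method host[:port] bytes_sent
SAMPLE_LOG = """\
2014-08-01T09:00:01Z alice CONNECT api.dropbox.com:443 52000
2014-08-01T09:00:07Z bob CONNECT eu1.salesforce.com:443 1200
2014-08-01T09:01:12Z carol CONNECT api.dropbox.com:443 910000
2014-08-01T09:02:30Z alice POST basecamp.com 4300
2014-08-01T09:02:31Z dave CONNECT notsalesforce.com:443 800
malformed line without enough fields
2014-08-01T09:03:00Z bob GET intranet.corp.example 300
"""

def is_approved(host, approved=APPROVED):
    """True if host equals an approved domain or is a subdomain of one."""
    host = host.lower().rstrip(".")
    # Match on a label boundary so "notsalesforce.com" is not approved.
    return any(host == d or host.endswith("." + d) for d in approved)

def parse_line(line):
    """Return (user, host, bytes_sent), or None for lines that do not parse."""
    parts = line.split()
    if len(parts) != 5 or not parts[4].isdigit():
        return None
    host = parts[3].rsplit(":", 1)[0]  # strip an optional :port
    return parts[1], host.lower(), int(parts[4])

def find_shadow_it(log_text, approved=APPROVED):
    """Aggregate unapproved destinations: users, request count, bytes sent."""
    stats = defaultdict(lambda: {"users": set(), "requests": 0, "bytes": 0})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or is_approved(rec[1], approved):
            continue
        user, host, sent = rec
        entry = stats[host]
        entry["users"].add(user)
        entry["requests"] += 1
        entry["bytes"] += sent
    # Largest outbound volume first: the biggest potential data exposure.
    return sorted(stats.items(), key=lambda kv: kv[1]["bytes"], reverse=True)

if __name__ == "__main__":
    for host, s in find_shadow_it(SAMPLE_LOG):
        print(f"{host:20} users={sorted(s['users'])} "
              f"requests={s['requests']} bytes={s['bytes']}")
```

The per-destination user sets also feed tip 2, since they show who is sending data to each unapproved service.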

Key Takeaways

  • Shadow IT—employees using non-approved SaaS and cloud apps—is widespread and poses security and compliance risks.
  • CIOs must transition from blocking to managing Shadow IT by implementing monitoring, governance frameworks, and collaboration with business units.
  • Tools like CASBs, network log analysis, and low‑code governance help bring Shadow IT under control without stifling productivity.
  • Employee behavior often drives Shadow IT when IT services lag business needs, so CIOs must improve responsiveness.
  • A strategic, risk‑based approach including awareness, procurement controls, and training can turn Shadow IT into a business advantage.


Frequently Asked Questions

What is Shadow IT?
Shadow IT refers to IT hardware or software, such as SaaS apps or cloud services, used within an organization without the IT department’s approval or oversight.
Why is Shadow IT a concern for CIOs?
Shadow IT introduces security vulnerabilities, compliance gaps, data fragmentation, and integration challenges due to lack of centralized oversight and governance.
How can CIOs identify Shadow IT?
By monitoring network traffic, analyzing logs from firewalls, proxies, SIEMs or MDM tools, and deploying Cloud Access Security Brokers (CASBs) to detect unsanctioned apps.
Can Shadow IT offer any benefits?
Yes—when harnessed via governance, Shadow IT can boost productivity, enable innovation, and be aligned with business needs through citizen development tools.
What strategies help manage Shadow IT effectively?
Effective strategies include proactive monitoring, establishing governance and procurement controls, engaging business stakeholders, promoting low‑code platforms, and fostering cultural collaboration between IT and business.
