The Pitfalls of Shadow IT Services
It is very easy to purchase cloud services. One simply provides a little bit of information and enters a credit card number. Some services are even free. However, signing up for cloud services to use for work can be a bad idea. Here’s why:
Security risks. Many cloud services that are free or inexpensive are designed for consumers. They may be fine for sharing photos or chatting with family, but they do not have the security features of a business-class cloud service. Using these services for work can create security risks and expose the company to regulatory compliance violations and potential lawsuits if sensitive data is exposed.
Lack of management. Technology pros have a name for cloud services that users procure themselves: “Shadow IT.” Normally, your IT provider (or department) is unaware of these services, and they do not manage them. There are no controls over what data is stored in the cloud or how the data is backed up and protected.
Unmanaged access controls. A related problem stems from unmanaged access controls. Individual users often share the login and password to a cloud app, and pretty soon that app can be accessed by just about anyone. Conversely, one user may control the password to a service where important data is stored, and access is lost when the user leaves the company.
Excess costs. Individual users often procure cloud services at a single-user rate when a company-wide license would be more cost-effective. Users may also sign up for services that are not needed, because the functionality is already available with existing tools. Also, billing for cloud services may continue even if they are not used or the individual who signed up has left the company.
Inconsistency. When each user signs up for a different cloud service, there is a lack of consistency across the company. This can create confusion because data cannot be shared across the various apps.