The 3 Biggest Risks of Shadow IT – and What CIOs can do about them

Shadow IT, the use of unsanctioned cloud and mobile devices by staff, is a growing sector - but while the Bring Your Own Device philosophy has caught on fast, not everyone appreciates the risks to data and workflow it can bring.

When staff members begin to bring their own devices into work, it can spell positive changes for the IT world and a leap in efficiency for the company. Everyone’s using cloud and mobile instead of sometimes-clunky proprietary systems, and everyone can get on with what they need to do, wherever they are and whatever device they want to use. Sounds great, because it is.

There is one problem, though. Staff who don’t have IT training often don’t realise the security risks, so they’ll move data about over clouds or between devices without proper security measures.

Then there’s the risk to workflows. It’s great when everyone uses efficient cloud-based apps to do work, but what happens when it all comes together and none of the pieces fit because everyone’s used a different app, or a different spreadsheet format?

Finally there’s the problem of everyone using different distribution networks and a hundred different versions of a document getting passed around, because there’s no centralised system in place. So what can CIOs do about these problems?

Data security training

CIOs need to offer staff an appropriate level of security training so everyone understands that data has to be secure - company IT systems contain customer data, proprietary data, financial data and employee data and all this must be kept secure. Strong passwords, password protection on individual documents and an awareness of the porous nature of public clouds and mobile devices contribute to the success of secure shadow IT.


Shadow IT can be great for the individual employee. But when staff bring documents that are in mutually unintelligible formats to the same meeting, everyone ends up sending a lot of time figuring out how to synch it all up. How to avoid this? Institute standardised workflow systems throughout the organization that can be accessed (securely!) through shadow IT.

Too many versions

Devices that rely on capacitive touch screens tend to have the sharpest image quality. Capacitive touch screens are coated with a material that sends a continuous electrical current across the sensor. Fortunately, the human body is also a type of electrical device. This means that when you touch the screen you absorb some of the current. The device registers this disruption, causing it to send information to its controller. The device will then perform the action that you requested.

Person 1 emails person 2 a document, who alters it and emails their version to person 3. Person 1 emails person 3 their version too. Which is the right one? Expand that process across time and multiple workflows companywide and you have a recipe for chaos. The solution is to build an efficient workflow structure that enables multiple people to access a single version of the document or spreadsheet and manipulate it without duplicating it, so there’s only one ‘version’.

In every case, the best thing CIOs can do is to start by accepting that shadow IT is here to stay and staff are going to use it. Then it’s about giving staff the tools and knowledge they need to use it effectively.

Leave a comment!

You must be logged in to post a comment.

Email is the primary avenue of attack for most cybercriminals, who use it to target individuals and businesses with phishing scams, ransomware attacks, and other cyberthreats. Learn how email security maintains the integrity of your emails, accounts, and data.Get a FREE copy now!

a 12 Minute Call