Today’s digital age is one where employees from all levels are far more engaged with technology. Everyone is walking around with connected devices in their hands or on their wrists. Employees are infinitely more tech-savvy, and IT personnel are no longer the only people with the knowledge to meaningfully use technology. So says Riaan de Bruyn, head of Enterprise Architecture, Internal and BI at e4, adding that application design has focused on the user experience and became much more intuitive for everyone to use, and, therefore, Shadow IT, or technology that employees use without approval or sanction from the IT department, is unavoidable.

Shadow IT can include free apps or SaaSbased solutions and tools, adds Yash Pillay, sales engineer at Trend Micro Sub-Saharan Africa. “Usually, employees turn to unapproved IT solutions because an organisation’s IT solutions are complicated and cumbersome to work with, so they find new technologies and solutions that help them do their job faster and get better results. IT is often completely unaware that these applications or tools are being used.”Shadow IT arrives simply because there is a need for it, says Jonathan Ryall, senior advisor, Field Marketing at Dell Technologies. Many reasons can lead to this, including: constrained IT resources, slow decision-making and implementation around IT projects, and not taking user requirements and experiences into account. For example, a service such as Dropbox became popular because most businesses didn’t offer reliable and easy-to-use filesharing spaces for their employees, or thought what they had was good enough.Anna Collard, MD of KnowBe4 Africa, adds that Shadow IT is nothing new. “A famous example of Shadow IT gone wrong is Hillary Clinton’s disastrous decision to set up her own email server. It’s a classic example of someone using their own resources to get something done, but one that was fundamentally unsound from a security perspective, as it led to classified information being stored on a server that wasn’t government-approved, and had a number of serious vulnerabilities.“Regular employees may want access to a piece of software or tools, but aren’t aware of the consequences of installing them on corporate machines. Many employees also aren’t even sure who to ask to get something approved. The issue has been compounded by the use of mobile devices, which are often just a personal device such as an iPhone or iPad, but are used to process company information. It’s a form of insider threat, maybe not in the conventional sense in terms of being malicious. Often it’s non-malicious but can have an impact.”Unfortunately, Shadow IT poses several risks. Firstly, financial, says Pillay. “One of the benefits that cloud computing has brought to IT is the pay-as-you-go pricing model. It’s also one of the significant offenders of Shadow IT. These days, instead of acquiring technology solutions through official channels, almost anyone can pay for these solutions using a company credit card as an out-of-pocket expense. The consequence is that controlling IT expenses becomes a nightmare and tracking collected IT expenses becomes near impossible. These IT expenses are often done without the involvement of the IT department, which means actual IT costs can very quickly add up.Uncontrolled access