Shadow IT: Gaining control of a parallel universe

For network managers, merely the thought of unknown or even partly unknown IT infrastructures on a network can be enough to send a shiver down the spine. In shadow IT networks, complex infrastructures can develop from everyday practice, without the approval or knowledge of the IT department.

These infrastructures can range from manageable hardware environments to complete ERP solutions that are in daily use throughout the company, drawing on the data of the official ERP system while remaining entirely inaccessible to the IT department, says Martin Hodgson, head of UK & Ireland, Paessler.

Independent shadow infrastructures often arise as a result of poor management or planning. If a department is not offered adequate solutions for the work they are tasked to do, or heads of department aren’t educated in the need to work from a centralised enterprise network, the situation may arise where solutions are created from the ground up without proper consultation with the IT department. Much like the creatures in Stranger Things, shadow IT networks can unleash a plethora of risks for networks and unwitting IT departments.

Exposing potential vulnerabilities

This is perhaps the first major risk that comes to mind when we think of unknown infrastructure on the network. Infrastructure that has been set up without the knowledge of the IT department often lacks the required level of security to ensure protection from cyber-attack. In some instances, hardware may be lacking up-to-date firmware and may even be without a firewall or virus scanner. In a world where a network is only as strong as its least secured device, this may leave an entire enterprise network vulnerable to attack.

Reducing the damage from data loss

Shadow IT systems and applications run outside of the IT department’s backup and restore plan. This can mean that mission-critical business functions may be taking place without a backup solution at all. In the event of an incident, such as a cyber-attack that leads to data loss, crucial company data may disappear entirely without any chance of recovery. In a worst-case scenario this can cause significant damage to company operations, with potential for serious financial repercussions.

Securing data

Even if we ignore the issue of operating without sufficient backup, a shadow IT network may give no overview of potential data access. This means that external service providers, contractors and even former employees may have access to sensitive data. With no permissions overview, there is no way of predicting who can access data and what could be done with it.

Maintaining efficient operations

Shadow IT hardware and software is often installed without the requisite testing. Although these systems may directly benefit the individual activities of the installer (this is often a reason for the creation of shadow IT in the first place), the untested system may slow or even stop other business-critical systems on the network. Even in shadow IT networks that run smoothly, double maintenance and administration is required to ensure the system continues to run in parallel with the official enterprise network.

Internal compliance

To state the obvious, the creation of shadow IT processes outside of established IT department protocol will likely violate a company’s IT compliance rules. More seriously, however, the introduction of shadow IT systems for specialist departments may be a fundamental breach of external regulation such as data protection law. In these instances, breaches of external regulation can lead to large fines from regulators and even company collapse.

Scary stuff, but it doesn’t have to be this way. Thankfully, even widespread shadow IT issues can be controlled if the right strategies are put into place by the IT department and senior management. The first step to removing shadow IT systems is being able to locate them. Network visibility is the number one factor leading to the detection and removal of shadow networks. Even well-hidden parallel infrastructure may be detected, for example, via unusual data traffic readings through a router or switch.

The author is Martin Hodgson, head of UK & Ireland, Paessler
