Shadow IT: Gaining control of a parallel universe

For network managers, merely the thought of unknown or even partly unknown IT infrastructures on a network can be enough to send a shiver down the spine. In shadow IT networks, complex infrastructures can develop from everyday practice, without the approval or knowledge of the IT department.

These infrastructures can range from manageable hardware environments to complete ERP solutions that are in daily use throughout the company – using the data of the official ERP system, but that are in no way accessible to the IT department, says Martin Hodgson, head of UK & Ireland, Paessler.

Independent shadow infrastructures often arise as a result of poor management or planning. If a department is not offered adequate solutions for the work they are tasked to do, or heads of department aren’t educated in the need to work from a centralised enterprise network, the situation may arise where solutions are created from the ground up without proper consultation with the IT department. Much like the creatures in Stranger Things, shadow IT networks can unleash a plethora of risks for networks and unwitting IT departments.

Exposing potential vulnerabilities

This is perhaps the first major risk which comes to mind when we think of unknown infrastructure on the network. Infrastructure that has been set up without the knowledge of the IT department often lacks the required level of security to ensure protection from cyber-attack. In some instances, hardware may be lacking up to date firmware and may even be without a firewall or virus scanner. In a world where a network is only as strong as it’s least secured device. This may leave an entire enterprise network vulnerable to attack.

Reducing the damage from data loss

Shadow IT systems and applications run outside of the IT department’s backup and restore plan. This can mean that mission critical business functions may be taking place without a back-up solution at all. In the event of an incident, such as a cyber-attack that leads to data loss, crucial company data may disappear entirely without any chance of recovery. In a worst-case scenario this can cause significant damage to company operations with potential for serious financial repercussions.

Securing data

Even if we ignore the issue of operating without sufficient back up, a shadow IT network may give no overview of potential data access. This means that external service providers, contractors and even former employees may have access to sensitive data. With no permissions overview, there is no way of predicting who can access data and what could be done with it.

Martin Hodgson

Maintaining efficient operations

Shadow IT hardware and software is often installed without the requisite testing. Although these systems may directly benefit the individual activities of the installer, this is often a reason for the creation of Shadow IT in the first place, the untested system may slow or even stop other business critical systems on the network. Even in shadow IT networks that run smoothly, double maintenance and administration is required to ensure the system continues to run smoothly in parallel with the official enterprise network.

Internal compliance

To state the obvious, the creation of shadow IT processes outside of established IT department protocol will likely violate a company’s IT compliance rules. More seriously however, introduction of shadow IT systems for specialist departments may be a fundamental breach of external regulation such as data protection law. In these instances, breaches of external regulation can lead to large fines from regulators and even company collapse.

Scary stuff, but it doesn’t have to be this way. Thankfully even widespread shadow IT issues can be controlled if the right strategies are put into place by the IT department and senior management. The first step to removing shadow IT systems is being able to locate them. Network visibility is the number one factor leading to the detection and removal of shadow networks. Even well-hidden parallel infrastructure may be detected for example via unusual data traffic readings through a router or switch.

The author is Martin Hodgson, head of UK & Ireland, Paessler

Comment on this article below or via Twitter: @IoTNow_OR @jcIoTnow


The IoT Now Guide to MWC Las Vegas 2022

Posted on: September 26, 2022

The inaugural Mobile World Congress Las Vegas event takes place from the end of this month, and it is set to lay a roadmap for the issues and opportunities the mobile industry will meet on its continuing digital journey.REGISTER NOW TO READInside the IoT Now Guide to MWC Las Vegas 2022 MWC22 LAS VEGAS PREVIEW:

Read more

Inpixon and Schauenburg Systems team up to sell real-time location technologies to mining companies in South Africa

Posted on: September 26, 2022

Palo Alto, United States – Inpixon, the Indoor Intelligence company, announced a collaboration agreement with Schauenburg Systems, an original-equipment manufacturer of mine safety systems and equipment, to sell Inpixon’s real-time location technologies to mining companies in South Africa. Under the agreement the parties will aim to achieve sales of hundreds of thousands of nanoLOC chips and other core

Read more

9 IoT applications that will change everything

Posted on: September 1, 2021

Whether you are a future-minded CEO, tech-driven CEO or IT leader, you’ve come across the term IoT before. It’s often used alongside superlatives regarding how it will revolutionize the way you work, play, and live. But is it just another buzzword, or is it the as-promised technological holy grail? The truth is that Internet of

Read more

Which IoT Platform 2021? IoT Now Enterprise Buyers’ Guide

Posted on: August 30, 2021

There are several different parts in a complete IoT solution, all of which must work together to get the result needed, write IoT Now Enterprise Buyers’ Guide – Which IoT Platform 2021? authors Robin Duke-Woolley, the CEO and Bill Ingle, a senior analyst, at Beecham Research. Figure 1 shows these parts and, although not all

Read more

CAT-M1 vs NB-IoT – examining the real differences

Posted on: June 21, 2021

As industry players look to provide the next generation of IoT connectivity, two different standards have emerged under release 13 of 3GPP – CAT-M1 and NB-IoT.

Read more

IoT and home automation: What does the future hold?

Posted on: June 10, 2020

Once a dream, home automation using iot is slowly but steadily becoming a part of daily lives around the world. In fact, it is believed that the global market for smart home automation will reach $40 billion by 2020.

Read more

5 challenges still facing the Internet of Things

Posted on: June 3, 2020

The Internet of Things (IoT) has quickly become a huge part of how people live, communicate and do business. All around the world, web-enabled devices are turning our world into a more switched-on place to live.

Read more

What is IoT?

Posted on: July 7, 2019

What is IoT Data as a new oil IoT connectivity What is IoT video So what’s IoT? The phrase ‘Internet of Things’ (IoT) is officially everywhere. It constantly shows up in my Google news feed, the weekend tech supplements are waxing lyrical about it and the volume of marketing emails I receive advertising ‘smart, connected

Read more
IoT Newsletter

Join the IoT Now online community for FREE, to receive: Exclusive offers for entry to all the IoT events that matter, round the world

Free access to a huge selection of the latest IoT analyst reports and industry whitepapers

The latest IoT news, as it breaks, to your inbox