
Shadow IT is on the rise and it could cost you

We’ve all done it, right?

Downloaded a bit of software which will help us do our jobs. Nothing wrong with that, you might say. We can all get bored with company-provided software that doesn’t quite match what we need. And who wants to go to the IT department, make the case for a new expense and do all the paperwork that’s required to get it up and working?

But the real problem is, people who use software without the permission of their organisation’s IT team are putting themselves and everyone else at risk.

These dangers are backed up by research from Gartner, which estimated that one-third of successful attacks on enterprises are on data located in shadow IT resources.

Yet Shadow IT is on the increase and many companies are either unaware of it happening, or won’t acknowledge it. Many look the other way, preferring it didn’t happen, but not sure how the rules can be enforced.

We did a survey recently which examined the use of shadow IT in the form of SaaS (Software-as-a-Service) across 200 companies. The sample included companies from industries with specific data security obligations, such as healthcare, cybersecurity/identity and financial.

And this is what we found, which surprised even us. Over the 200 surveyed businesses, there were a staggering 23.6 million instances of shadow IT usage, across 2,259 unauthorised software platforms. This means that, over the course of an eight-hour workday, an employee accessed an unauthorised software platform every 4.9 seconds.

Shadow IT accounts for more than half of daily software usage for over half the companies surveyed.

Which means, in simple terms, most software used by companies is not authorised. Okay, our sample was 200 businesses, but we know that that is a very accurate sample and reflects the state of the market.

Think about it for a moment - over half of the SaaS stack in companies is likely to be made up of a considerable proportion of software that is unauthorised.

If that doesn’t give management teams the jitters, I’m not sure what will.

It’s a shocking result and you can wonder why companies are so lax when it comes to putting a stop to this, but the potential results of using unauthorised software are the real worry here.

Take the first nightmare and one which should keep cybersecurity/identity and financial companies awake at night. It’s bad for security, full stop. Unsanctioned tools may lack robust security features. This makes them more vulnerable to attacks and data breaches.

Also, what about compliance issues? Unauthorised tools can lead to contract violations and breaches of industry-specific regulations and certificates. This can leave you on the wrong end of some hefty fines.

And think of two very practical considerations. As departments purchase overlapping tools and services without centralised oversight, it can be a drain on money and time resources. Then there are potential integration problems. When teams use incompatible tools, integration problems can lead to information silos and collaboration issues.

As for which teams within a company use Shadow IT, unsurprisingly, it's the sales and marketing teams which are the main culprits. Indeed, 44% of shadow IT is used by the sales team, with marketing coming in at 21%. Next on the naughty step is product/engineering at 18%, then HR at nearly 7% and data at 5%.

As for which software is most used within the Shadow IT stack, it doesn’t take a genius to guess which one tops the list. Yes, it's artificial intelligence, which suggests that many companies that ban the use of AI, especially in the finance industry, are either ignorant of this fact, or just don’t know what to do to stop it.

So to answer my own question, yes, Shadow IT is very bad.

But here’s a very sobering fact: employees are 3.5 times more likely to use shadow IT than approved SaaS in their day-to-day work. People prefer their own choice of software, full stop.

So I would suggest two courses of action, as a matter of urgency. Firstly, I would advise every company to conduct an immediate and extensive SaaS audit before it's too late.

Secondly, companies need to ask themselves why their employees are using Shadow IT. There’s a huge gap here, between what companies use and what people want to use - a classic case of people not talking to each other and understanding what people actually need.

This gap has to start closing, and fast.


Brad Van Leeuwen

Co-founder and COO

Cledara
