Channel

Managing the Risks of Shadow IT

You can’t securely manage what you don’t know exists. It’s the nature of shadow IT that you’re probably unaware of the extent to which your clients rely on unauthorized apps, devices or other technologies. Nonetheless, it’s this separation between the technology you audit and approve, and the tech that you likely don’t know about, that creates a dangerous vulnerability for cyber attacks to take place.

LinkedIn:
LinkedIn: Ashley Ogilvie

Think about what your clients expect of you. It’s no longer simply to keep their technology up and running but also to consistently protect their security. These expectations don’t change regardless of the number of unauthorized apps and other cloud services your client is using. The problem, of course, is that your clients likely don’t realize how their use of unauthorized apps, cloud services and devices creates vulnerability.

The risks of shadow IT

Shadow IT generally refers to the apps and other technologies that are used by a business outside of the knowledge of their IT person - that being you. For example:

• Using unauthorized personal devices to conduct business
• Storing sensitive information in an unauthorized app
• Using the free version of an app instead of paying for a version equipped with security parameters

In a nutshell, shadow IT makes it incredibly difficult for you to effectively manage your clients’ technology risk. It’s not as though your clients are doing this on purpose, either. Like you, they’re simply trying to find the most efficient way of getting their job done, but may not recognize that they’re simultaneously leaving loopholes for cyber attacks to take place. In order to ensure your clients are protected, you need to find a way to bring those technologies out of the shadows and into both your and your clients’ control.

How you can help

Not only do you need to know what technologies your clients are using, but your clients need to be aware of the risk they’re taking when they use an app without it being documented. MyGlue, our password and documentation app designed specifically for your clients, helps your clients build accountability for what applications they’re using. You know how important documentation is for your own MSP, but it’s equally as important for your clients’ businesses.

By offering your clients a secure vault for managing their own passwords and documentation, you can ensure they’re documenting every app they use, in order to keep track of them and leave nothing in the dark. It also allows them to start building good password hygiene practices rather than storing them on stickie notes or sending them in emails like they might be currently used to doing.

With MyGlue you also have the ability to collaborate with your clients. This means that they can allow you access to view the different apps and technologies that they’re using, so you can provide the utmost security. Essentially, MyGlue allows you to help take shadow IT out of the shadows, and ensure all apps and other technologies are consistently and securely updated in one central platform.

No more undocumented and unapproved technologies - give your clients a platform that not only builds their own set of security practices but gives you something to ensure you can provide yours.


Ashley Ogilvie produces content for IT Glue, writing about documentation, business processes and automation. Read more IT Glue blogs here.

You can skip this ad in 5 seconds