Yea, though I walk in the valley of the Shadow IT, I carry a big stick

Originally posted: Sat, 20 Jul 2019 08:51:54

Users are infuriating at the best of times. Then there are the ones who smuggle their own applications or devices onto your network. Welcome to the deep, dark depths of Shadow IT...

Shadow IT, if you don't know, is the concept of users run amok and installing whatever application or device they think they need without asking. Tut Tut. Of course, this is also partially your fault, for ignoring the Principle of Least Privilege and letting them, so we can't be too angry at the poor end users. Or we can, but we have to admit that our oversight allowed this to happen.

This is one of those Big Problems, along with people clicking every link in sight, and those special snowflakes who plug in every USB thing in sight because SHINY!

Why is it an issue?

If you have to ask, you haven't thought about it. Software on your network from parts unknown could be anything: there could be a trojan horse buried in it, or a keylogger. It could be transmitting data of any kind to anyone. Compatibility issues could mean it has a detrimental effect on your current setup. It could also be unlicensed, which is a headache all of its own.

While there isn't always a reason to suspect the 'ware isn't safe, that doesn't mean you can take leave of your senses either: if you didn't put it there, it shouldn't be there.

The Fix

It is actually a reasonably easy problem to fix, though: first have a policy that states no unauthorised software on any of your machines (have this policy backed-up by scary bouncer types. Or just the management). Next, use group policy to make sure no-one has access to be able to install crap. Finally, get some decent asset management software that will monitor not just your hardware assets, but also the installed software too.

If you also have a policy where you are open to looking into new software that others suggest, this will help mitigate Shadow IT problems. Encourage your users to come to you with suggestions and involve them in the testing phase. Explain to them what they need to take into account and get them to argue the case for it. If it passes muster, maybe you'll have something to implement that might make life easier. More often than not, though, you'll get users who understand why you said no, and that's worth its weight in gold-pressed latinum.