There are many ways that companies suffer financial losses from the use of unauthorized third-party software. And in the current economic climate, no business can afford to throw away money in this manner. But how much does shadow IT cost your organization?
It is easy to see why employees seek out their own IT solutions. As Michael Ringman writes for Forbes, “many [employees] choose to side-step the rules and regulations and covertly purchase — or, in some cases, develop — their desired software and platforms to more quickly and easily meet their needs.” Time is a key factor behind shadow IT – employees become frustrated with the length of time it takes to approve a required solution. But that doesn’t mean it isn’t without its drawbacks.
This article explores how shadow IT drains your resources, the other negative effects it can inflict on your business, and how you can prevent these.
Shadow IT cost statistics
- Business units control 25% of IT spending on average, showing that IT departments are losing autonomy over the software used in organizations.
- Only 20% of organizations say there is no IT spending outside the IT department.
- The average cost of a data breach in the US is $9.44 million. Shadow IT can cause vulnerabilities in your security protocols that could lead to a data breach.
- Ransomware attacks cause 16 days of downtime on average, affecting an organization’s bottom line.
- 33% of companies pay ransoms, which average around $84,000.
- On average, businesses waste over $135,000 each year on unused, underused, or duplicate cloud tools, many of which comprise shadow IT.
The combined cost of shadow IT
Security breaches can cause a huge financial loss for an organization, and the use of unauthorized software and devices is one way that these breaches become more likely.
Using a personal phone, tablet, or laptop to access the company’s network provides an additional point of entry for bad actors looking to access the IT system. It also creates blind spots for your security team – they can’t secure shadow IT if they don’t know about it. In addition, moving company documents around using external file-sharing programs creates risks of data leaks or data loss.
The cost of recovering data, remedying the losses from the disruption of downtime, rebuilding security protocols, and even paying ransoms to release corrupted files can cost your business dearly. In addition, once you have suffered the breach, it makes sense to hire external tech expertise to shore up your systems. This also adds to the expense of the security breach.
Adding to the potential cost of shadow IT is the need to repair the damage that an attack can have on the network and termination points. The work involved may include repairing or replacing company servers, as well as the switches, routers, and other assets that your IT network requires to run.
Where there is data, there is legislation. Most organizations today process and hold vast amounts of data. Anything that threatens the integrity of people’s personal information could see your organization being issued with financial sanctions.
Hackers can get into the internal workings of your IT infrastructure through a personal device connected to your network, or they can intercept data that an employee is handling on an unauthorized third-party app. In any case, there is a potential for legislators to hand out severe and dissuasive fines to your business.
Although there is no federal data protection law in the US, there are a range of state laws as well as regulations that target specific areas of data protection. Any contravention of these can result in fines being issued.
For companies that carry out operations in the European Union, the EU’s General Data Protection Regulation (GDPR) allows regulators to fine companies a maximum of €20 million ($19.8 million) or 4% of the annual global turnover for misuse of data, whichever is the greater.
In addition, there are expenses involved with ensuring employees remain compliant. From the cost of developing a shadow IT policy and the fees for consulting experts in information technology law to the money you might need to spend if an employee takes a shadow IT disciplinary action to a tribunal, it can be an expensive process.
Your core IT framework is set up to allow all employees to share information across the organization in an efficient way. As everyone is expected to use the IT-approved systems, this means that compatibility comes as standard. The IT department approves only those pieces of software that work seamlessly with their existing environment.
When employees start to attach their own solutions, there are risks that compatibility issues will prevent the data from flowing as it should. For some reason, the software might not be able to speak to an existing piece of the infrastructure, leading to incomplete or corrupted data that skews reporting, monitoring, and other functions. This causes a breakdown in the workflow and makes investigating issues more complicated, time-consuming, and, therefore, expensive.
Furthermore, there is the chance that the shadow IT solutions that employees use might not even attempt to integrate with company-wide systems. This means that data exists in silos around the business, and the information gained or used by one department is not shared with others, reducing productivity across the business. It also takes additional time to track down all the relevant information needed to understand the full extent of the operations.
When you hear that IT professionals think their organizations use an average of 30 to 40 cloud applications, but in reality, the number is greater than 1,200, you can understand how difficult it is to keep track of all the data used across the enterprise.
Many shadow IT software solutions require users to buy licenses or pay for subscriptions to use their products. This can prove costly for an organization in two main ways.
|Unused software licenses
|Software company 1E found that the average large organization wastes $7.4 million per year on unused software licenses. This could be that they have downloaded apps that they don’t actually need because they also have access to other, similar apps. Or it might be an app that they use very rarely when there is existing or free software that would produce the same result.
|Duplicate software licenses
|With each department organizing its own IT solutions, there is a lot of room for duplication if they don’t communicate. For example, marketing might buy a license for a design app, which gives access to 1 to 50 users, but only 20 people use it. In addition, the design department might also buy the same license and only use 30 of the 50 available user accounts. The company is paying twice as much as it needs to for the software because the two departments could have shared a single license.
Cyber attacks cost more than money
The direct monetary costs of a cyber attack are just one side of the story. The reputational damage of a company being the victim of such an attack can also be damaging.
If it becomes public knowledge that hackers have gained access to your data, even if it’s non-sensitive, people might question the integrity of your organization and lose trust in its ability to protect their personal information.
In turn, this could lead to clients moving to rivals and the company struggling to onboard new customers. Being fined for data breaches is damaging for a brand, and shadow IT can be the weakness in the company’s defenses that allows cyber criminals in.
Why is shadow IT a growing problem?
There are ever more software solutions on the market. This, coupled with the rise in remote working, has led to employees using their own devices for both work and personal functions and exploring additional tools to support them in their efforts.
What percentage of IT is shadow IT?
It is difficult to pinpoint the percentage of IT that is shadow IT. The Everest Group says it is about 50%. Other surveys suggest that this percentage is different for the different app categories. A study by Netskope claims that 97% of SaaS apps used by enterprises are shadow IT.
What is a shadow IT expense?
Shadow IT expenses usually entail the cost of installing these unauthorized programs. These are claimed as business expenses by other departments and do not go through the IT budget. However, if departments are finding solutions away from the traditional route through IT, this could cut the IT budget in future years.
Shadow IT is costly in many ways. To work out what shadow IT costs your organization, you have to think about the security expenses, compliance costs, the waste on unused or duplicate licenses, and the possibility that shadow IT has affected productivity, too. This is before you even consider the reputational damage that can arise from breaches caused by the vulnerabilities of shadow IT.
Vaultry allows you to track every device on your network in one single dashboard. It will alert you to the use of shadow IT, enable you to gauge your security status, and delete rogue programs immediately. Get started with Vaultry today.