March 27th, 2019
Dealing with shadow IT in the financial sector
By Adam Leeflang - General Manager - Products
Most corporate IT teams are likely to feel that they have tight control over their operations, with a good grasp of the types of sensitive data their organisations keep and, indeed, how it is used. However, a troubling phenomenon, known as shadow IT, is quickly making its way into many businesses, potentially compromising the security of data and organisational reputation. This issue is particularly problematic within the financial sector, thanks to its absolute dependency on digital security to retain customer faith and loyalty.
What is shadow IT?
Shadow IT is essentially a technology that individual employees or special business units may decide to start using without the consent or knowledge of their relevant IT team. Indeed, shadow IT is not usually employed with malicious intent, but can cause a number of problems that the user may not have anticipated.
The unstoppable growth of shadow IT has been driven by the impressive popularity of SaaS (software as a service) applications, in part due to their simplicity and ease of use. For IT teams, this means that their firms are likely to be using a number of applications that they are totally unaware of. This is a serious issue for financial services organisations, as the strict regulatory standards, they are expected to abide by may be infringed thanks to shadow IT.
What are the risks of shadow IT for financial services firms?
Data may get lost
The main risks associated with the use of shadow IT are the loss of important data and the misuse of old data. Indeed, shadow IT can create complications in even the most airtight of cybersecurity programmes as it can make it difficult to locate data that is being stored on hidden IT applications. What’s more, applications run outside of IT team control will not have the same backup and recovery options as central organisational applications. This increases the risk of data loss and could cause serious damage to a financial firm both in terms of reputation and, by extension, business ROI.
Most users of shadow IT are completely oblivious to the fact that the applications they are using do not include security measures such as patches, updates, or data encryption. As such, they leave their organisations vulnerable to cyber attacks and malware. Hackers are known to prey on software vulnerabilities, so it is important for IT teams to stress the dangers of unapproved applications.
Financial services firms are put under a huge amount of pressure to stick to certain regulations set out by the government to keep consumers safe. Non-compliance with these regulations can result in large and potentially very damaging fines that should be avoided at all costs.
So how can shadow IT be tackled?
The best way to combat shadow IT is, of course, to prevent it from being deployed in the first place. Financial services businesses should do everything in their power to warn employees of the dangers of shadow IT.
As shadow IT is so pervasive, however, it may also be a good idea to make use of an application such as Open-AudIT, a tool that allows IT teams to see what is on their network, as well as program configurations and change histories – a must-have for financial firms everywhere.