Avoiding Shadow IT Through No Code/Low Code Technologies

By Neil Murphy, Global Channel Chief, ABBYY.

  • 1 year ago Posted in

Shadow IT is a scenario that makes every IT department uncomfortable: Parallel IT structures can develop in companies over a long period and typically without the knowledge of IT managers. 

 

The use of such solutions, which are not integrated into official structures, represents a major risk to the security of a company. With the advent of so-called no code/low code technologies however, employees without IT expertise now have the right tools at their fingertips to work with artificial intelligence (AI) - and without the need for costly IT implementations or training. 

 

The benefits of such solutions for the workforce are obvious. However, solutions in a modern company should only be implemented with coordination from the IT department and based on internal company guidelines. It’s often the role of the CISO (Chief Information Security Officer) to set this policy. Uncontrolled shadow IT must be avoided from the outset and employees must be informed at an early stage about the inherent risks from IT structures that have been changed unintentionally.

 

Digital natives as drivers of shadow IT

 

By definition, Shadow IT is the use of any IT system or software that is used without the knowledge of or prior consultation with the company's IT department. This creates structures outside the controlled IT architecture that have security gaps and can therefore provide a perfect attack surface for cybercriminals. 

 

The more unknown applications are used within a company, the higher the risk that outsiders will gain access to the entire corporate network. This is because the IT department cannot protect itself from threats it does not know exist. In addition to the security risk, shadow IT also has other disadvantages. The fact that the acquisition of new software is often only regulated internally within a specific department means that there is no overall uniform overview of which software and licenses are currently in circulation. This can inadvertently lead to duplicate purchases - costs that would be better spent elsewhere. 

 

To effectively combat shadow IT, you must first understand why it occurs. Most employees who use such applications without consulting the IT department don’t usually have bad intentions. One relevant trigger for the growth of shadow IT in recent years is the new generation of digital natives, who are increasingly entering the job market and bringing with them a high level of digital affinity. When they encounter digitalisation hurdles, they want to take things into their own hands and create solutions to their problems or independently make their way of working more efficient. 

 

Examples include installing and configuring systems that perform business functions such as automation and data integration, or developing data repositories such as a spreadsheet used to manage customer or product data. In addition, we live in a world that is changing faster than ever. There is no time for long coordination loops with the IT department for new acquisitions, which means that employees are increasingly turning to faster, yet more uncertain, solutions. 

 

No Code/Low Code in action against shadow IT

If one of the main reasons for the growth in shadow IT is employees who are happy to tackle the digitisation of their working methods themselves, then companies should take the next step and provide them with the appropriate tools to enable them to do just that. But this must be done without jeopardising the security of the company. 

 

So-called No Code/Low Code platforms are particularly well suited for this purpose, whereby even non-technical users can easily program and compile applications or small apps using drag & drop. No Code/Low Code platforms can therefore function similarly to the building block principle. We see these types of platforms being well suited for improving the automaton of tedious, time-consuming manual processes such as document processing. Employees are empowered to add AI skills that read and understand documents to increase their productivity. At the same time however, the IT department has a precise overview at all times and can better monitor the constructs and adjust them if necessary. The use of these platforms reduces the need for unauthorised programs and applications - and employees can improve their day-to-day work and be more flexible.

 

Transparent insight into structures is the key

Before implementing these solutions, IT departments should first gain an overview of the current situation in their organisations. How are they interacting with systems and processes? What applications do employees access outside the established IT structure? What requirements do they fulfil and for which processes do employees need them? 

 

Based on this process and task mining of information, the IT department can then make an informed decision about which functions colleagues need, and which platform is therefore best suited for their company, whether for evaluating work processes or for intelligent document processing. Additionally, the necessary understanding around the dangers of shadow IT and the implications for cybersecurity must be created among all employees.

 

The emergence of shadow IT in companies is often an indication that employees want more digitisation. However, to protect themselves from the dangers and rising costs that come with it, companies should no longer fear the fundamentals of decentralised IT. They should instead provide their employees with the right tools to participate independently in the digitisation of their company. 

By Frank Catucci, CTO and Head of Security Research, Invicti Security.
By Tom Printy, Advanced Design & Development Engineer, Zebra Technologies.
By Iain Sinnott, Head of International Carrier Sales, Enreach for Service Providers.
By Hope Lynch, Senior Director, Platform, CloudBees.
By Massimo Bandinelli, Aruba Cloud Marketing Manager.
By Paul Baird, Chief Technical Security Officer EMEA, Qualys.