Shining the light on Shadow IT in government

‘The burden of knowledge’ is a condition suffered by many who run government IT services. They know what can go wrong, and how very wrong it can go.

This burden, however, means these leaders also know how important it is to have the right safeguards in place to prevent potentially catastrophic events from happening.

Most other business units don’t have this knowledge when it comes to implementing IT; they think mainly about user experience.

Enter Shadow IT.

It’s an issue brought on by the advent of the cloud and the software-as-a-service (SaaS) applications that came with it. Other contributing factors include the growth of BYOD culture within government departments and the wider consumerisation of IT.

Dimension Data’s Global Threat Intelligence Report 2017 shows that cyber-attacks against government departments increased from 7% in 2015 to 14% in 2016, pushing the government sector into a tie for first place with finance. Shadow IT is the most common source of these attacks, with employee/insider responsibility growing. Cybercriminals know it’s a vulnerable point and they strive to exploit it.

The big offenders

Our experience with public sector customers suggests that, while no specific business unit is exempt from blame, marketing directorates are one of the biggest perpetrators of this practice, followed closely by HR and finance.

Some of the biggest drivers of shadow IT are productivity apps, such as Microsoft Office or Google Docs, as well as file-sharing, storage and back-up apps like Dropbox, and social media platforms. Most of these are viewed as part-and-parcel of daily work in many government organisations.

The problem is that, without the approval and input of IT, using these applications can pose a threat to the business.

With the recent loss of productivity and revenue caused by the Petya and WannaCry ransomware attacks around the globe, government susceptibility to cyber intrusions has been accelerated.

Unfortunately, non-IT business units tend to think more about the front-end, what the app can do, rather than the security, infrastructure and back-up needed to prevent any issues or outages.

Outages are just the beginning too. Cyber intrusions can lead to data loss, issues with compliance and data sovereignty, privacy breaches, and conflict with the organisation’s wider digital strategy.

Don’t forget about IT

Technology has advanced, and so too have the number and complexity of the types of applications that IT directorates typically manage.

According to the Australian Department of Finance, government agencies have been ramping up their uptake of cloud services in recent years, with millions being pumped into improving employee and customer experiences.

If everything under the Shadow IT umbrella is included in that mix, you may be talking hundreds or even thousands of applications being managed by an IT directorate with limited resources.

Communication and cooperation are what’s needed between IT and other parts of the organisation to make sure the right applications are being implemented. Most importantly, new apps and other services need to be implemented securely to find the balance between different departments’ needs and the organisation’s wider IT strategy.

Ironically, the public cloud – as well as the likes of converged infrastructure – has simplified the back-end. This means IT units using these platforms should have more time to spend working with other departments and creating custom applications to stop them resorting to an unknown, and potentially unsecured, app to do the job.

IT’s input should mean that the right security and backup requirements are catered to, but also that the right critical infrastructure is in place to keep the organisation protected.

It’s important that IT owns the overall IT infrastructure vision within an organisation, and hence acts as the integrator. This better utilises resources in terms of time, effort and money.

This effort can be easily hampered, however, by other departments going around it. Centralising tech needs through IT can even help save on CAPEX and OPEX, removing redundant IT services and maximising existing resources.

Looking to IoT

It’s been long touted, but we’re not quite there yet with the Internet of Things.

A study from Aruba Networks highlights that the government sector’s uptake of IoT strategy has been the slowest, with many senior managers and executives not sure how to implement strategies that will net the best result for employees and customers alike.

The study exposed the huge disparities between what we all think constitutes IoT.

It’s clear that it will add to the already growing data deluge departments face and put more pressure on the edge of the network. What is still unclear is what forms the phenomenon will take and its exact impact on government organisations. One thing we do know is that IT must be the one to manage these devices and the data going through them.

This means it’s more important than ever that government IT teams and other business units find common ground to make sure new apps are sanctioned and fit with the overall digital strategy.

Robert Linsdell is Managing Director Australia and New Zealand, Vertiv
