Shadow apps are software-as-a-service (SaaS) applications that are used on business networks but are not supplied by the IT department or even visible to them.
Shadow apps are often collaborative software, such as unified communication and collaboration (UCC) applications that enable greater productivity in the office. The apps are sometimes installed by general users in an organization; however, CEOs are often the biggest offenders because they are less locked down with user rights management than the rest of the staff.
Commonly-installed shadow apps include Google apps and Dropbox. These and other shadow apps carry with them an increased risk of data breaches because they have not been verified to be secure. The risk of data breaches associated with shadow apps has been estimated to be three times greater than is the case with internal applications. Shadow apps can also cause bandwidth issues on the network, slowing things down for all users and impacting productivity.
CIOs are in a difficult position to limit shadow apps. The software often improves communication and productivity, while security and data breaches may not seem to be real threats until they happen. Managing shadow apps requires cooperation and communication between CIOs, CEOs and other employees.
The first step required to deal with shadow apps is an audit of all apps used on the corporate network. There may be something in the enterprise’s supported software that could be used for the same purpose as a shadow app. On the other hand, some unsupported apps may be installed but not used – according to research, up to 75 percent of software installed on enterprise is never accessed. Finally, an audit may also reveal areas where internal apps are not working effectively, so that IT can step up to fix the issues.