Shadow IT & The Shadows that May Be Only
By Stephen Trout, , HIPAA Blog, Resources, Security

“Before I draw nearer to that stone to which you point,” said Scrooge, “answer me one question. Are these the shadows of the things that Will be, or are they shadows of things that May be, only?”

A Christmas Carol, by Charles Dickens

Christmas hope is always rimmed with shadows.

Scrooge knew it; an eighth century BC prophet knew it as well: “The people walking in darkness have seen a great light; on those living in the land of the shadow of death, a light has dawned.” Isaiah 9:2

The good news (to which both pointed) is that such shadows can be seen for what they are – dark forebodings meant to point us to a better outcome. 

Shadow IT?

It may not be Scrooge’s risky behavior, yet “shadow IT” – the downloading of software and apps without your IT’s express permission – can spell trouble, in 2 ways especially: 

  1. You effectively create “shadow IT networks” that become difficult for your IT department to manage, both from a security and cost perspective.
  1. You also risk downloading malicious versions of apps which might deliver malware and other harmful code from hackers.

Not surprisingly, shadow IT got a boost from the pandemic and remote work, as TechRepublic notes:

“48% of respondents admitted to using their own devices to access work documents and corporate networks while working from home. Meanwhile, 34% of employees reported using private email or file-sharing cloud services for work purposes – again against the advice of employers.”

Gartner Research has noted that as much as 30% to 40% of the purchases in the enterprise involve shadow IT spending; other studies say it’s closer to 50%.  One writer suggests that, 

“Enterprises may have hundreds, or perhaps thousands, of cloud accounts that run outside of IT’s purview. Without visibility into company usage across these cloud services, enterprises are both running a security risk and leaving money on the table.”

In other words, companies can get a better handle on security and costs (maybe even qualifying for volume discounts) if they can streamline their cloud services.  

Shine a Light

“Men’s courses will foreshadow certain ends, to which, if persevered in, they must lead,” said Scrooge. “But if the courses be departed from, the ends will change.”  

Scrooge needed to see the bad, in order to see the possibility for change. As Thomas Hardy famously wrote, “If a way to the Better there be, it exacts a full look at the worst.” 

Companies that eschew an “everything is fine” mentality will refuse to live “in the shadows.” It’s not doom and gloom, it’s a healthy realism that takes potential malicious vectors seriously.

They’ll seek full visibility of all applications in their organization to draw out unhelpful, possibly harmful, “shadow” elements.  

They’ll want to know how these applications are being used, as well as secured. Is there a better, safer solution? These are critical questions for any proactive risk assessment.

HIPAA Vault specializes in being a “one-stop shop,” allowing you to bring your shadow IT into the light and choose compliant IT solutions. We provide fully-managed hosting – including HIPAA WordPress, Email, Drive, and Fax. You might even have a merrier Christmas as a result!

If you have any questions on HIPAA Vault’s secure, proven solutions, or any of the services we provide, please contact us! 760-290-3460.

Trust HIPAA Vault to provide the safe communications & positive patient experiences that you expect! All our solutions are designed to protect you from costly HIPAA violations and fines, and data breaches that can ruin your business reputation. Our fully-managed security is designed to limit your liability and bring peace of mind!