Shadow IT: The risk of duplicate copies increases with data growth

When companies are unable to provide their employees with the data they need quickly and easily, staff take matters into their own hands. This results in a plethora of uncontrolled, redundant copies.

“Nature finds a way” is one of the key quotes from Steven Spielberg’s “Jurassic Park”. You could also say: Users find a way. Especially when it comes to ensuring that the data they need for their work is readily available. This is understandable if you consider that many projects are under enormous time pressure and the Time to Market for new products is getting shorter and shorter. On the other hand, this results in enormous security gaps, which is all the more alarming as this often concerns company-sensitive data from the development department. However, files that would seem to contain less important information may also be of interest to hackers, for example telephone directories or holiday lists.

Staff and specialist departments practice shadow IT

Users are tremendously resourceful when it comes to using non-approved storage locations. These range from desktop PCs, private USB sticks and hard drives or home directories on the company’s servers to public cloud services such as Dropbox. However, databases such as Microsoft Exchange are also sometimes misused as filing systems.

This shadow IT often originates in specialist departments that try to solve specific problems behind the IT department’s back. Uncontrolled storage of data is often not the only thing they do on their own authority: in most cases they also independently purchase tools, cloud-based services, apps or social media solutions, or even use self-programmed applications.

Files are everywhere – and there are usually multiple copies of them

In a new study entitled “Common Gaps in Data Control: Identifying, Quantifying, and Solving Them Using Best Practices”, IDC examined the situation with physical data copies on behalf of Actifio, a specialist in data virtualisation. 429 companies from various industries, each with a staff of more than 1000, were interviewed. It was found that the respondents produce an average of 13 copies of their data and run 12.95 databases in which these copies are often stored redundantly. Considering the fact that each of these databases also has several backups – an average of 7.4 backups according to the survey – it’s easy to reach a three-digit number of physical copies of each file. Not to mention the uncontrolled shadow IT duplicates.

On the one hand, this causes storage costs to escalate, yet more disturbing is the fact that each of these physical copies is a potential target for hacker attacks.

Quick availability: Learning from shadow IT

What can companies do to regain control of their data? In order to answer this question, it’s important to understand that it is impossible to completely prevent shadow IT. The IT department will never be able to react as quickly and comprehensively to the needs of the users and specialist departments as it should, which is why there will always be non-approved interim solutions. However, shadow IT can also be used to analyse the gaps between employee requirements and available IT services, and to find common solutions to these problems. Shadow IT is a flawless indicator that shows where the time-critical gaps between IT and the various departments exist.

Part of the solution must be to allow the specialist departments a certain amount of freedom in choosing the tools and solutions they need, for example, for filing data. However, there must be clearly defined rules on this. Company-sensitive data and procedures must remain in the sole custody of the IT department. In addition, the specialist departments must observe compliance regulations and adhere to security guidelines. This may require holding training courses for the employees or informing them accordingly.

Bring Your Own Device is obsolete

The use of all private devices – whether USB sticks, hard drives, smartphones, tablet PCs or notebooks – at work should be prohibited. The BYOD (Bring Your Own Device) concept that was very popular for a few years has proved to be an extremely high risk for data security. Most companies have therefore already switched over to CYOD (Choose Your Own Device). The idea behind this concept is that companies provide their employees with the devices they need but allow them to choose from several models.

Furthermore, the number of physical file copies has to be reduced. To do so, it is advisable for the CIO to first try to find out the reason for the flood of copies by talking to the specialist departments. Then they can work out a solution together that considers not only the users’ need for readily accessible data, but also the requirements of data security and an efficient storage concept. (rf)
