When it comes to the Bring Your Own Device (BYOD) to work debate you probably think you've heard it all. But have you considered how BYOD may be introducing risks other than simply exposing company data to unprotected devices? If left unmanaged, a whole shadow IT culture can quickly develop whereby BYOD usage is just the start. Before you know it your business is riddled with rogue applications and valuable company information is scattered across numerous silos of data.
So what do I mean by shadow culture? Shadow IT exists where any employee uses software (often fully licensed or freely open source) outside of the approved or standardised packages already running inside any size of firm. It is a close family relative of BYOD - you could also call it BYOS.
A shadow IT scenario
Say a small to medium sized business (SMB) has an accountancy package that looks after the books and also processes invoices and credits. The software in question has limited analytical forecasting functionality, but it is functional and adequate -- plus more importantly, it is approved, secured and protected from malware.
One day a bright spark decides to start using a piece of spreadsheet software to run some financial projections and the files start making their way around the company. This might not sound like much of a risk to start with, but shadow IT exerts its effects starting out small; after time a set of "data silos" start to build up where some employees are working inside the company system, while some are working (at least for a part of their time) outside of it.
Regardless of where shadow IT originates, the risk is tangible. Whether a small business has a formal set of IT policies or not, the growth of "islands of data" that are hard to pin down and track is a) not desirable b) not productive or efficient and c) a security risk.
Dealing with data silos
In theory it should be easier for a small business to manage its IT in order to avoid the shadow IT data silo phenomena, but this is not always the case in the real world. SMBs can try to insist that all devices with business data have to be secured and backed up by a companywide network service, possibly cloud based. Whatever you decide, I have I hope made the case for higher levels of IT security protection clear.
Of course it is right that everyone takes full advantage of BYOD as they look for innovations that can help increase their productivity and profitability. But it has to be managed. You obviously don't want to get caught in the shadows. Just make sure whatever you decide - in addition to giving you the right security and data protection - it is also easy to manage.