Shadow IT refers to the use of information technology systems, devices, software, applications, and services without explicit approval from the organization’s IT department. This includes employees using personal devices for work, or downloading and using software or cloud services that haven’t been vetted and sanctioned by IT. While shadow IT can help employees be more productive by allowing them to use tools they find efficient, it poses significant risks to an organization, including security vulnerabilities, data breaches, compliance issues, and challenges in maintaining a cohesive IT infrastructure.
A new report from JumpCloud highlights the myriad challenges faced by small and medium-sized enterprise (SME) IT teams, ranging from the rise of shadow IT to ongoing cybersecurity threats and the unpredictable impact of artificial intelligence.
Shadow IT, which refers to the use of unauthorized applications and resources, has become a significant concern for IT teams. A striking 84% of SMEs express worry about applications managed outside of IT, with 35% being “very concerned.” This issue is amplified by the proliferation of cloud applications and the increasing use of AI tools.
The reasons for not addressing shadow IT vary: 36% of respondents cite more pressing priorities, 31% struggle to keep up with rapidly changing business needs, and 32% lack the ability to discover all applications used by employees, highlighting a critical visibility gap.
Cybersecurity remains a persistent threat, with nearly half (45%) of SMEs experiencing attacks in the first half of 2024. Phishing is the most common attack vector (43%), followed closely by shadow IT (37%) and stolen or lost credentials (33%).
Despite their best efforts, 49% of IT teams report that their organizations lack the necessary resources and staffing to adequately secure against cybersecurity threats. This resource gap leaves many SMEs vulnerable in an increasingly hostile digital environment.
The report also examines the complex device landscape IT teams must manage. On average, SME environments consist of 24% macOS devices, 18% Linux devices, and 63% Windows devices. This diversity creates challenges for centralized management and security enforcement.
The proliferation of digital identities and access points has led to widespread credential fatigue. Only 26% of employees can access all their IT resources with just one or two passwords, while 17% must manage 10 or more. This complexity not only impacts productivity but also increases security risks.
In response to these challenges, 84% of IT teams prefer a single, centralized platform to manage user identity, access, and security rather than juggling multiple-point solutions.
The relationship between SMEs and managed service providers (MSPs) continues to evolve, with 76% of SMEs relying on MSPs for at least some functions. However, expectations are rising.
The impact of AI on IT operations remains a topic of debate and uncertainty. Opinions are split, with 22% of IT professionals believing AI’s impact will be less significant than anticipated, while 23% see its potential as greater than previously thought. Despite the potential benefits, 61% of respondents agree that AI is outpacing their organization’s ability to protect against associated threats.
As IT teams navigate this complex landscape, they face mounting pressure to secure their organizations while enabling productivity and innovation. The report underscores the need for improved visibility, centralized management tools, and robust security measures to address the challenges posed by shadow IT, diverse device environments, and evolving cyber threats.
With 71% of IT professionals warning that cuts to their security budget would increase organizational risk, it’s clear that continued investment in IT resources and security measures is crucial. As SMEs look to the future, finding the right balance between security, efficiency, and innovation will be key to navigating the ever-changing IT landscape.