Shadow IT on the Rise But Feds Unsure How to Tackle Security Risks

Lisa S./

Many federal technology decision-makers say they see widespread use of shadow IT in their agency, but consider themselves Ill-equipped to handle its accompanying security risks.

Despite the increasing prevalence of unauthorized apps and devices -- aka shadow IT-- in the federal technology workspace, few decision-makers feel confident they can control its accompanying security risks.

About 90 percent of the federal IT officials polled in a new report by SolarWinds, which provides IT performance management software, said they’ve noticed at least some shadow IT use in their organization. But only 13 percent of respondents said they are “very confident” in their ability to protect their systems from the security risks that could come from the practice.

The survey and an accompanying report examines shadow IT, shared services and mobile devices in the federal sphere. Two hundred federal IT officials from such agencies as the National Security Agency, the General Services Administration and the Internal Revenue Service were polled.

The use of shadow IT will likely continue to grow, according to the survey. More than half of those polled said they predict it will become more popular over the next two years. Respondents from defense agencies expected the biggest growth. 

Most respondents attributed its popularity to the “long/cumbersome IT acquisition process” or a “perceived lack of innovation by IT department.”

Shadow IT was also rated one of the most difficult areas of IT to oversee, according to the survey, coming behind only cloud computing.

“We really wanted to dig into [shadow IT] because it's something that people were telling us that they didn't have good controls on, that there was expanding use in their departments, [but] they weren't sure how to manage it,” said Mav Turner, director of product marketing and business strategy at SolarWinds, in an interview with Nextgov.

The survey also examined the increasing popularity of IT shared services.

Respondents noted that although they were concerned shared services could negatively affect security and performance at their agency, many also noted its benefits.

Sixty percent of respondents said the main benefit of shared services is cost savings. Many respondents also said shared services help make performance more reliable because it standardizes IT services. 

“I think there’s still a lot of opportunity for agencies to improve their offering of shared services, so that it is not just about cutting costs but it's actually about improving services," Turner said. "Because by consolidating, you really can offer a better service."

The survey also examined the security concerns surrounding mobile devices in the workplace.

Though most respondents said their agency does not give personal devices access to their system, 80 percent said they still worry about the security risks from mobile devices.

(Image via Lisa S./