Shadow IT: A Serious Threat to Law Firms
October 14, 2021
What is Shadow IT?
The first problem with cautioning lawyers about the dangers of shadow IT is that most of them have no earthly idea what it is. So let’s start there.
Gartner has defined Shadow IT as meaning IT devices, software, and services (including cloud services) outside the ownership or control of the IT department of a business.
Once lawyers understand the definition, they generally say that everything is within the control of their IT department. Most of the time, that answer would be wrong, though many don’t know it.
Just the Facts Please
Studies by Gartner have revealed that Shadow IT constitutes an amazing 30-40% of IT spending in big enterprises. Advisory firm CEB estimates that the right percentage is 40%. Everest Group research states that it makes up 50% or more of the spending. No need to split hairs – all three numbers are big.
Small law firms are not immune to this trend. How many law firm services are in the cloud, especially today? And are they all under the control and direction of the IT department? The likely answer is no.
Are They All Renegades?
Absolutely not. In fact, Shadow IT is sometimes implicitly permitted or even encouraged. Many would argue that Shadow IT makes businesses more competitive and allows for enhanced collaboration and innovation. In their view, users discover applications or services that allow them to do their jobs better or more easily, and IT can subsequently go in and secure the applications or services. In our experience, this is not a useful way to approach risky behavior by employees, the consequences of which can be dire.
Why do employees “go off the reservation?” Sometimes, the IT department moves slower than the average tortoise or routinely raises objections to what employees want to do. Undeterred, employees make an end-run around the rules – it is generally simple for those who have access to data to put it where they want and use it as they wish using tools or services that may not be authorized.