
From digital transformation to the advent of mainstream AI, technology has become integral to business travel. But as your IT estate expands, so does its shadow.
The unsanctioned use of technology at work, better known as shadow IT, is a pervasive challenge for security, finance, and regulatory compliance.
Regional Vice President for Supplier Services, EMEA at SAP Concur.
Today, tools are compounded by AI, with 78% of employees admitting to using unapproved AI systems at work. While media conversation has shone a light on shadow IT, there’s little discussion around the granular impact on individual business functions like travel.
When employees face obstacles in authorized tools, they turn to unapproved platforms due to poor user experience. Slow, rigid, or unintuitive workflows drive them towards convenient, consumer-grade tools with the appeal of user familiarity.
For example, if it takes too long to load listings or a traveler can’t use their preferred payment method, they may switch to an alternative platform.
Navigating the shadow AI surge
The emergence of consumer-oriented AI tools has complicated the shadow IT landscape. AI-enabled travel booking platforms promise massive efficiency gains, but many employees are unaware of the potential risks they pose.
AI models are known to scrape outdated or invalidated data at times, leading to inaccurate outputs. Or, if employees use AI tools to find “better deals” outside of established booking platforms, this can once again undermine corporate travel strategy.
Moreover, if employees input sensitive corporate data or travel itineraries into unmanaged tools, it can also lead to data breaches, travel safety risks, and non-compliance with privacy regulations.
For example, if an employee uses consumer scanning apps, unauthorized receipt capture applications, or unapproved browser extensions, receipts that contain personal information may be uploaded to non-approved cloud storage.
A free OCR (optical character recognition) app could store images on third-party servers. Such a breach could expose employees’ travel patterns and transaction details.
The fallout of travel shadow IT
When shadow IT finds its way into travel and expense (T&E) processes, it can have costly impacts on the bottom line.
Bookings on unauthorized systems can result in scam purchases, chargebacks, lost discounts, and surplus administrative burden that add up to millions of pounds’ worth of expenses and lost savings. These are the main sources of financial loss:
- Direct fraud and reimbursement losses: Fake receipts, inflated claims, and duplicate expense filings are potentially harder for businesses to track and assess when bookings are made in third-party tools.
- Illegitimate bookings and rogue vendors: Scam booking sites and compromised portals can cause direct card fraud, requiring investigation and chargebacks.
- Inefficient spending: Employees lose access to negotiated corporate rates and discounts when booking via unapproved channels.
- Increased administrative overhead: The need for manual expense reports, receipt chasing, and coordination of multiple payment sources increases workload and processing costs. In addition, fragmented data results in inadequate reporting and inconsistent analytics, increasing processing time for T&E reports.
The impact of shadow IT is felt in many aspects of travel. Third-party bookings can undermine an employer’s ability to fulfil their duty of care when employees fail to log details of their travel, or plans change at the last minute.
Without a digital audit trail to follow, travel managers lack visibility on employee movements and may struggle to contact them in emergencies.
Unapproved T&E systems also increase security vulnerability. These tools typically handle sensitive data, including personal employee information, financial transactions, and travel itineraries.
Without robust protections, they’re a prime entry point for threat actors, putting travelers and organizations of all sizes at risk of fraud, identity theft, and financial harm.
Lastly, shadow IT can jeopardize regulatory compliance.
As strict frameworks such as the General Data Protection Regulation (GDPR), the Sarbanes-Oxley Act of 2002 (SOX), and the Payment Card Industry Data Security Standard (PCI DSS) place increasing demands on organizational data practices, many are falling foul of mandates around data privacy and retention, financial reporting, and more – which can result in permanent reputational harm, not to mention fines into the billions.
Strategies to secure travel management
Legal, IT, finance, operations, and HR teams must work together to deter employees from using unauthorized tools. But beyond a blanket ban on third-party tools – which the data tells us isn’t effective – what policy changes and change management strategies can they implement?
Employee education is the first line of defense. Regularly training staff in shadow IT risks, security standards, and compliance requirements is an important step in this process. This will enable employees to better understand how approved systems are imperative to protecting the organization’s data, financial well-being, and duty of care.
If your business hasn’t yet, it may be time to establish guidelines around AI usage. Communicate the benefits and risks and create a culture that encourages responsible AI implementation and healthy experimentation, so people don’t feel they have to use AI tools in secret.
You can also take inspiration from shadow IT. While it might sound counterintuitive, uncovering the tools employees use can help illustrate where there are gaps in the organization’s tech stack, and the kinds of features and workflows employees expect from travel tools.
Ultimately, the biggest counter to shadow IT is a technology portfolio that incorporates consumer-grade, secure T&E platforms. Invest in user-friendly tools that empower travelers to book with ease; they shouldn’t feel obliged to use corporate apps – they should want to.
This article was produced as part of TechRadarPro’s Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc.




