Technology is becoming more and more readily available, with such things as cloud storage and web applications instantly accessible at the click of a button. Individual users can now easily access the latest technologies, and there is no doubt that employee productivity and work efficiency are reaching new peaks. However, how can management ensure that sensitive business data is being processed securely through external IT solutions?
What is Shadow IT?
“Shadow IT” refers to applications and IT solutions used inside organisations without explicit organisational approval, and describes solutions deployed by departments other than the IT department.
Unsanctioned use of IT solutions exposes the organisation to extra risks, putting sensitive data beyond the reach of corporate firewalls and other security measures. IT costs can also quickly spiral out of control as different applications are being used by different people across a multitude of devices, many of which have been purchased outside of traditional IT and procurement channels.
If your organisation is affected by Shadow IT, you are not alone. In a recent study by marketing firm Outsource on behalf of Red Hat, an interview of 110 Australian and 40 New Zealand senior IT decision-makers found that only 13.3 percent of respondents are using cloud applications or platforms with full approval from senior managers.
Why does Shadow IT happen?
Before any company can tackle this issue, they must first identify the reasons why employees have looked externally to begin with.
“Organisations using cloud technologies without senior management approval tend to do so because they cannot get the speed and agility they need from existing, approved organisational systems,” Max McLaren, Red Hat’s ANZ regional vice president, said in a statement.
Shadow IT exists because people need to get work done and “official” IT hasn’t been responsive enough, or because it lacks the necessary tools. This drives employees to find an adequate solution on their own, and security would not be their priority.
To overcome the problems that arise with Shadow IT, it would require long term efforts, communication and cooperation between management, IT staff, service providers and employees.
How can Shadow IT affect my organisation?
- Usually more costly. Duplicate subscriptions and services that don’t receive the benefit of volume discounts could be rampant throughout the company.
- Can degrade app performance. The organisation’s internet connection could get clogged with cloud traffic. Cloud use depends on network access. If IT is in the dark about cloud services and doesn’t account for them in its capacity planning, network pipes can fill up fast.
- Can increase your vulnerability to hacks. Shadow IT services aren’t connected to your core directory structure, and users are prone to reusing their existing credentials with the new, non-IT-sanctioned service for the sake of convenience. Identical credentials to your core directory, then, can get leaked in other systems, which significantly increases the risk of security breaches. IT cannot manage these credentials because it doesn’t know about them.
Plan of Attack
1. Adopt a more progressive approach
Shadow IT highlights those areas in which current IT systems are falling short of the needs of the employee. Management needs to enable productivity by building the right environment to bring the tools in-house as needed. Try to make official IT as easy and responsive as Shadow IT while still asserting appropriate control over corporate intellectual property. With a more progressive approach, management could implement regulations that actually support Shadow IT initiatives, helping them to understand employee grievances to achieve the right solutions.
2. Implement flexible management tools
The distinction between work and non-work is quickly diminishing, and policies towards device and software capabilities should reflect this. Employees will likely reject the notion of management controlling personal devices but will generally accept control of corporate information on those devices. Therefore, businesses should look for mobile applications and management tools that offer greater flexibility.
3. Reach out to Shadow IT vendors
Proactively contact vendors and suggest that they work with you directly over letting employees or individual business units implement their services on an ad hoc basis. This will not only help you maintain control and visibility, it will help the vendor establish a more long-term and profitable relationship with the company.
4. Educate your team
Once management has sight of the applications in use throughout the organisation, the next step is to educate employees about why certain activities have been blocked. Offering alternative apps that have similar features, but are lower-risk, means employees will feel empowered by using apps and devices they enjoy, while corporate security is maintained.
Consulting and providing feedback also reflects your strong position to give guidelines of approved applications, policies and alternatives. Staff will want to be informed and discuss their IT queries so they can get the job done and improve business processes. Ultimately, this open approach will give management greater visibility and insight into what applications users are deploying.
5. Engage a Managed Service Provider
With a wealth of knowledge and experience in the industry, a Managed Service Provider would be able to provide all of the above. They are in the best position to analyse the applications currently being used by your team, whether these solutions are suitable for standardised use, and suggest possible alternatives to cater for your business needs. They can also manage the entire project from start to finish, ensuring that any new services and solutions deployed integrates smoothly with existing business systems, and provide any necessary training to ensure employees’ technology use does not compromise business security.
Accessibility to technology has meant a much more complex working environment, however companies that manage to leverage it to perform at their peaks will be able to gain a great competitive advantage in this new world.