The dark side of IT: 5 tips to overcome shadow IT

“Shadow IT”: The term sounds rather dark, almost sinister. Unfortunately, it’s something unpleasant that businesses increasingly have to deal with. Employees are, in fact, more and more frequently adopting apps, solutions, or software without their IT department’s permission or even knowledge. This poses a great potential danger, because it leaves the IT department unable to maintain a secure working environment. Company data and business processes are thereby put at risk. But what are the reasons behind the rise of shadow IT and how can CIOs get a handle on things?

Shadow IT is officially defined as the unknown, unauthorized usage of IT applications within a business environment. As consumer technologies become more and more user-friendly and powerful, enterprises face increasing levels of shadow IT, meaning their users bring their own devices, manage their own apps and data, download software as they please, and use their own personal collaboration tools to perform their job. Oftentimes, enterprise IT is unable to compete with the features, ease of use, and reliability of the consumer technologies brought in by employees. Let’s be honest: Haven’t we all gone behind the backs of our IT managers to install our own software?

Research from the market research institute 451 Group suggests that 44 percent of businesses globally now have shadow IT within their organization. The cloud and the rise of software as a service (SaaS) have made applications easy to download by bypassing a company’s infrastructure and controls with a single click. In a survey conducted by McAfee at the end of 2013, more than 80 percent of respondents admitted to using non-approved SaaS applications in their jobs. There’s no doubt that shadow IT will continue to rise, but what is the best way to deal with it? We have some answers for you.

Five tips on dealing with shadow IT

Monitor your company network

Responding to shadow IT requires businesses to understand how big the problem actually is, and what the potential fallout could be. Monitor your network for new and unknown devices! This can be incorporated into the daily business routine through vulnerability scanning, a widely-adopted security practice enabling you to receive detailed information about where on your network there are new devices, and of what kind they are. This will help you to find out exactly how prevalent shadow IT is in your company.

Identify your employees’ needs
After monitoring your company network, you will have some valuable information and an accurate indicator of what applications your employees actually need. This can form the basis for your future strategic planning. Be prepared for a path of continuous development and make sure that future implementations are business, rather than technology-led.

Adjust to your employees’ requirements

Employees today want to be able to find, view, and use their data across locations and devices. If your business doesn’t provide a secure solution to access corporate data remotely, employees will find their own ways to work efficiently by using consumer products that could put the organization at risk.

You need to provide a secure, IT-controlled access to information on the go that will reduce the risk of employees deploying external products beyond the awareness, discovery, and control of the IT department. Your employees are probably using more advanced, easy-to-use, technology in their personal lives than they are at work, which means that they most likely find the apps and solutions at work too cumbersome or too time-consuming to use. If an employee’s experience is seamless and secure, he will see no need to go around IT to find solutions that help him be more productive.

Reduce evaluation times

In many cases, shadow IT just means that employees are trying to do their job quickly and effectively. If a client is pressuring them because they need a large file immediately and there is no company-sanctioned alternative, who can blame the employee for using a consumer service such as Dropbox? When employees have new technology requests for the IT department, one of their biggest complaints is that the IT review process takes too long. Try to optimize your approval processes and align them with your employees’ workflow.

Establish guidelines

Could the risks have been explained better? IT departments must become better listeners, but also become more adept at explaining their side of the story. For example, you could establish accurate Bring Your Own Device (BYOD) guidelines. To accommodate the needs of different business units, the IT department could also create and share a list of approved applications beyond the standard issue software.

Furthermore, in the era of the cloud, users are able to take advantage of cloud platforms that allow them to easily develop their own customized applications with only little coding knowledge. At first glance, this may appear to support shadow IT even more. But facilitating these so-called “low-code” developers is an opportunity for IT to speed up software development and delivery timetables without sacrificing performance or security.