Some of you may remember when IT departments had the ability to fully control almost all technology decisions, and who was allowed to use what.
And then came the cloud, with free or low-cost apps and services from an endless number of SaaS (Software as a Service) providers.
Fueling the fire even further was the proliferation of employee-owned mobile devices, where the employee became used to completely controlling both hardware and software.
Users were quickly discovering it was a lot faster and easier to download their own applications and services, as opposed to waiting for their IT department to source, implement and approve the latest and greatest.
80% of workers admit to using SaaS applications at work without IT approval (Source: McAfee)
Many argue that complex IT policies and outdated software that don’t meet departmental needs drive users to go find their own solutions.
Whatever the reason, shadow IT poses a real cyber security risk in the business world.
Each unsanctioned device or application removes an important layer of the “security blanket” and increases the risk of compromise. This is even more important in highly regulated industries.
Your natural instinct might be to clamp down completely on shadow IT, but remember that in part, it’s often a symptom of unmet needs.
Instead of completely blocking employees from using cloud apps, it makes sense to do an audit first to find out who is using what and why.
You’ll likely find duplicated technologies, cyber security risks, inefficiencies and an overall loss of a strategic IT roadmap.
At the same time, the very items you find may actually help you get back on track for creating a better IT roadmap that meets the needs of your users!
How to Control Shadow IT
Companies can successfully control shadow IT with the right employee education and tools. Note that this is highly dependent on the industry you work in – there are some verticals where any unsanctioned apps cannot be tolerated.
In some cases, shadow IT might be permitted for things like personal productivity tools, but not for mission-critical applications or services.
Employees seeking alternatives to these would need to consult with their IT department (or IT service provider partner) to see whether or not the new solution can be implemented.
There are other tips that can help you cope including:
- Reduce evaluation times for new technology requests
- Embrace the cloud – this can speed up implementation time and reduce costs
- Stay ahead of the latest tech developments to better understand what employees want
- Create a partnership with business units outside of the IT department
- Create and get agreement on the right shadow IT policy for your company
- Reinforce what will NOT be tolerated
Your Ready-Made Shadow IT Policy
It provides guidance on when shadow IT can be permissible, outlines restrictions that could apply, and defines employee and IT department responsibilities.
While it might not be the perfect fit for every organization, it’s a great template for you to use to make your own custom policy – or contact us and we’ll be happy to help you figure out the best way to manage shadow IT in your specific situation.