In the past, IT departments were able to control almost all technology decisions, along with who was allowed to use what application or service.
But then came the cloud. And mobile devices. And users discovered that in many cases, it was a lot faster and easier to download their own applications and services, as opposed to waiting for their IT department to source, implement and approve the latest and greatest.
The shadow IT phenomenon was born.
Shadow IT is the use of Information Technology-related hardware, software, infrastructure or services by an individual, team or department within an organization without the knowledge of the IT department or security group within the organization.
Shadow IT is also called underground IT, rogue IT, embedded IT, fake IT, stealth IT, feral IT and client IT.
Shadow IT comes in a variety of flavors, many of them enabled by the rise in cloud computing and personal devices.
An employee is frequently on the road, visiting clients and having to work from remote locations. The company-supplied laptop is old and slow. The employee owns a newer, faster laptop, and uses this personal device to conduct company business without the knowledge or permission of the company IT department.
A small team spends a lot of its time on video conference calls. These calls are typically frustrating because the video conferencing software that the company supplies doesn’t have a chat feature, doesn’t record to the cloud and the audio quality isn’t the best. During a call, they decide to get around these shortcomings by signing up for a better video conferencing tool … but they don’t think to let IT know.
A software development team is under pressure to launch a product within two months. They cannot wait weeks for their IT department to supply the servers, networking equipment and IT services, so they sign a contract with a cloud services provider, who has them up and running in hours.
An employee wants to be accessible to suppliers 24/7, so he gives them his personal email address and adds them to the chat application on his phone, where they exchange and discuss quotes, bids and technical documentation outside of business hours.
[insert graphic stat callout: Roughly 80% of workers admit to using unsanctioned applications at work without IT approval (Source: McAfee).]
As you can imagine, these outside solutions can cause significant issues with security, performance and even operations. But before we dive into the repercussions of shadow IT, let’s look at its causes.
Shadow IT is a complex problem that has multiple causes. Some of these causes are related to technology, and others are related to policies and procedures. Here are the top reasons that individuals, teams and departments look for IT solutions outside of their IT department.
IT takes too long to approve requests: Business moves at a blistering pace these days, and individuals and teams with crushing deadlines won’t wait for IT departments that take too long to process and approve requests for hardware, software and IT services.
Current IT resources are inadequate: When the computers and software applications that IT supplies are unreliable, slow, or unable to handle today’s business tasks, employees look elsewhere for their own solutions.
Current applications are too complex: Some employees have been spoiled by the seamless experiences they enjoy when using popular consumer platforms, such as Netflix, Uber and Airbnb. When they are required to use corporate apps that are complex and anything but intuitive, and when they discover that free consumer apps do the job just as well—but faster and more easily—they switch (without telling anyone).
Outside stakeholders are using incompatible technology: Employees need to have a seamless experience when sharing files with prospects, clients, vendors and suppliers. If any of these outside groups are using a technology that the employee is not allowed to use for work (a popular messaging app, for example), then the employee will feel pressured to use the app anyway.
<<Download the Ntiva Guide to Remote Work Security>>
Shadow IT poses a number of risks to businesses large and small.
Shadow IT is hard to eliminate.
But it is something that you can reduce and even control.
Your natural instinct might be to clamp down completely on shadow IT. But remember that shadow IT is often a symptom of unmet needs. So, instead of blocking employees from using external hardware and apps, conduct an audit first to find out who is using what—and why.
You’ll likely find duplicated technologies, cybersecurity risks, inefficiencies, and an overall loss of a strategic IT roadmap. This discovery can be a blessing, helping you identify where the most urgent pain points are for users … and where your IT roadmap needs to get back on track
From there, your organization can set some priorities. For example, shadow IT might be permitted for things like personal productivity tools like calendars or video call platforms (as long as no files are shared), but not for mission-critical applications or services. Or, you may decide to clamp down on shadow IT altogether.
Either way, consider the following best practices for reducing the odds of employees going rogue with their IT:
You can establish the ground rules for shadow IT in your company with this ready-made policy from Tech Pro Research. This policy provides guidance on when shadow IT can be permissible, outlines restrictions that could apply and defines employee and IT department responsibilities. While it might not be the perfect fit for every organization, it’s a great template for you to use to make your own custom policy.
Want a policy that’s more closely aligned with your company’s specific needs? Contact us and we’ll be happy to help you figure out the best way to manage shadow IT in your specific situation.
If your organization is seeing an unacceptable rise in shadow IT because your IT department lacks the resources to meet your users’ needs, consider outsourcing part or all of your IT function to a managed service provider like Ntiva. We take the burden of managing your business technology services off your shoulders.
Employees have more IT choices than ever before. But by communicating openly with employees about the risks, listening to their needs and then finding ways to meet those needs, your organization can take employee IT out of the shadows and into a more secure state.