Shadow IT is the term used for personal technologies (BYOD), applications, and software or services supported by a third-party service provider, instead of an organization's IT provider or technology department.
Over the past several years, Social, Mobile, Analytics and Cloud (SMAC) technologies have been core drivers of innovation (and disruption). Mobile and cloud services have given end-users the ability to access data and perform their work roles from nearly any location. As a result, businesses' applications have moved from behind the safety of the company firewall to public Software-as-a-Service (SaaS) solutions for everything from accounting to human resources.
These technology trends have also resulted in the “consumerization” of IT, where end-users have come to expect a fast, easy to use, mobile first experience. These expectations can cause with frustration with legacy technologies that may not work as well for employees on the go.
End users gravitate toward the simplest solution. Why go and find a work-related device when your cellphone or tablet is sitting on the desk? Thanks to the Apple's App Store and Google's Play Store, employees have access to literally thousands of applications that they can quickly install and use to carry out their job functions, all outside of the network perimeter. So why is this an issue?
THE RISKS OF SHADOW IT
There are several issues at hand with Shadow IT. Users choosing their own applications can open companies up to security issues, take them out of compliance with legal guidelines, and negatively affect other users in their business without meaning to. Here are some of the ways Shadow IT can impact your business:
Security – Unsupported hardware and software are not subject to the same security measures as supported technologies. Without the ability to monitor and control application use, software and apps that incorporate business data and integrate with existing business applications are at risk of cyber-attacks and malware infections. This leads to lost time, lost productivity, lost revenue, and lost reputation.
Compliance – The governance and compliance risks from Shadow IT are extremely serious as sensitive data can easily be uploaded or shared. There are no processes to ensure confidentiality of data or access policies if an employee is storing corporate data in their personal DropBox or EverNote account. Breaches resulting from failing to meet compliance guidelines can lead to significant fines.
Workflows and Processes – Technologies that operate without an IT department's knowledge can negatively affect the user experience of other employees by impacting bandwidth and creating situations in which network or software application protocols conflict. Additionally, IT Support teams may not be ready with answers or a resolution when end users present issues with unsupported tools. This slows down workers and creates additional strain on IT.
REDUCING RISK AND MAXIMIZING BENEFITS
For all the risks Shadow IT presents, it also carries the potential for rewards. New applications can revolutionize processes and allow employees to work smarter and more efficiently. This requires a careful balance between management and flexibility.
Most end users do not equate using certain applications or devices with extreme consequences. This is where IT needs to be flexible and communicate well. Instead of telling end users they can only use one system for work, clearly outline what type of data is okay to work on in unsupported applications and which data should remain secure in your supported network. Make sure that you identify allowable uses in your Acceptable Use Policy.
The time has come to move past the denial stage of Shadow IT and communication is key. Educating end users and providing clear, concise, information usage guidelines can help you develop enforceable boundaries. Take the time to understand the processes and needs of employees. Research and employ solutions that address those needs, both current and future. This, combined with a solid cloud and SaaS application strategy can rein back in your end users and data.