Cloud computing services, especially online software, are so popular today that even if you haven’t strategically implemented them into your business, your employees are probably already using them on their own. This is shadow IT.
Shadow IT refers to tech-related activities that occur outside the scope of traditional IT, without authorization. Unfortunately, but somewhat unsurprisingly, this is occurring in most organizations today. In fact, 83% of CIOs have experienced some level of unauthorized provisioning of cloud services – in other words, shadow IT. Another 72% of executives don’t even know how many shadow IT applications are being used within their organization (TechCrunch). From a security standpoint, this presents quite a risk.
Why is this happening?
Employees are finding workarounds to legacy IT solutions – they want things that are simpler, faster, and work on the go, which tend to be online cloud applications. These are understandable desires, especially since users experience this level of technology efficiency in their personal lives. In many cases, users actually have the best intentions when implementing shadow IT solutions. To an extent, they have the welfare of the organization or their department in mind because they know these tools are easier to use and will boost their productivity.
However, the fact of the matter is that every unsanctioned device or application an employee uses takes away another layer of security, which increases the vulnerability of business data. Shadow IT also impacts business budgets and the IT team’s ability to serve both the company and the workforce effectively.
85% of IT decision makers believe that shadow IT presents a risk to their organization’s security (Vanson Bourne). And yes, it’s a hazard – but only for businesses that aren’t willing to address it. This goes for both small and large organizations. You need a strategy!
So how do you address it?
Shadow IT Assessment
It’s obviously best to discover how employees are using their devices or applications before shadow IT becomes an issue. The CIO and IT team need to establish an inventory of the cloud services currently being used, how they are used, and what risks they present. This assessment should include:
- Which cloud services are currently in use, and are they effective in supporting the department or business’ needs and goals?
- Are some of the cloud services redundant, and can they be eliminated?
- What risks are these cloud applications causing, and what are the data and security policies of the providers?
- How much is being spent on cloud services, where can savings be made, and how can services be consolidated?
- How are the cloud services being managed, and what are the service level agreements?
- What benefits did users perceive that caused them to resort to shadow IT in the first place?
- How can these perceived benefits be addressed in a safer way moving forward?
By reviewing the applications and data that are currently out of your control, you can organize them by business risk and determine the places in which you’re currently most vulnerable. Without this assessment, you may not have even been aware of your biggest vulnerabilities. Additionally, this assessment helps determine which applications and tools employees prefer to use for work.
Establish Cloud Services
Once the business has completed an assessment, the CIO and IT department can more successfully bring cloud services out of the shadows and under the IT umbrella. These IT personnel quickly need to become “cloud managers,” and when they take on this role they can begin to anticipate and meet the needs of their employees while also controlling security, compliance and budgeting. The IT team needs to develop a strategy to implement cloud solutions to support business processes, satisfy employees and decrease shadow IT occurrences. By strategically picking a cloud provider like RapidScale and implementing cloud services thoughtfully, a business can take control over its cloud use.
It’s important not to simply start enforcing policies and tools without explaining the reasoning to your employees. Share the knowledge and educate them on the risks of shadow IT and why organizationally approved cloud services are the encouraged methods. For the most part, you’ll find that your team was simply unaware of the potential extreme consequences of their actions. Management should also be open to employee suggestions and preferences when it comes to the tools they use for work.
Management or an IT team may be tempted to impose restrictions when it comes to application use. Rules aren’t the answer. Strict policies punishing shadow IT aren’t the answer. IT personnel should be thinking, “How can everyone work together to create standardized processes that don’t eliminate the productivity and ease users are seeking?” It’s all about having candid conversations and setting guidelines on what type of data is okay to use in certain applications, and what data needs to remain absolutely secure. These guidelines set enforceable boundaries without terribly limiting employees. Additionally, these guidelines make IT the intermediary between employees and the cloud services, making shadow IT actually work for everyone in a sense.
It’s important to remember that assessing your organization once is not enough. Inevitably, employees will again be attracted to new services that they can easily and quickly deploy. Shadow IT consumption assessments need to be ongoing and become a regular part of business operations.
If you are running into shadow IT issues, this is probably a sign that your current technology is old or inefficient. Employees are calling on their IT leaders to address business inefficiencies and implement better tools. Updating computing resources and moving to cloud tools and services can really revolutionize business processes. These updates allow employees to work more efficiently, comfortably and knowledgeably. When a business completely restricts its users, it can compromise huge potential for innovation and organizational growth. It’s important to strike a balance between cloud management and employee flexibility.