Shadow IT: What is it and what does it mean for your business?
The realm of IT is, for most people, shrouded in mystery. Internal processes and systems are seen as intricate and complicated in order to keep business data and systems protected. Which is why it can get even more confusing for people when Shadow IT is introduced into the mix.
What is Shadow IT?
In simple terms, Shadow IT is any hardware or software within a company that is not supported internally by your IT team. It is any information-technology system, solution or tool used by employees that your IT department is not aware of or has not approved. For example, if a company restricts the size of email attachments and an employee needs to share a large file, he will get around this restriction by using external sharing facility like WeTransfer or Dropbox.
Why is Shadow IT problematic?
Why should the technology that people use to get their jobs done be an issue for IT departments, as long as the work is getting done? Well, because laws like the Protection of Personal Information Act (PoPI) require strict control over company data. Shadow IT technology poses a threat to cyber security as external tools cannot be controlled internally. A data breach that arises as the result of employees using Shadow IT tools can have serious repercussions. If a company is audited and a breach is discovered, it can lead to punitive fines and reputational damage.
What can be done about Shadow IT?
- Take steps to identify deficiencies within IT that resulted in the need for Shadow IT in the first place.
- Reestablish relationships between teams and individuals to identify why they see the IT department as a hindrance to their job.
- Work together to reinstitute the IT team as the gatekeeper for technology solutions in the work environment.
Many companies are choosing to see Shadow IT as an opportunity for growth – to explore how technology can be used to enhance the work environment, instead of hampering productivity.
Where it is found that employees are only using Shadow IT measures because the right tools are either not in place or they need something else in order to do their jobs faster, IT departments can use this as an opportunity to learn what software applications or cloud-based tools can be implemented to streamline work processes and allow for a collaborated work environment. After assessing the risk of each service and its security controls, the IT teams can decide which services to promote or enable. More than just an exercise in risk management, having clarity on service subscriptions and usage will not only improve collaboration, but reduce spend as well.
Besides talking to users, what else can you do? Obviously creating a clear Shadow IT policy and communicating it with your people will help everyone keep on the same page, but it’s important to keep the dialogue open. You could, for instance, conduct a survey that asks everyone which tools they’d ideally like to use, and what goals they will accomplish with these tools. Equipping yourself with this knowledge will help you understand how to give your employees secure alternatives to meet their needs, without subjecting the business to the dangers and expenses of Shadow IT.