28 Mar Is Shadow IT Lurking in Your Office?
Shadow IT, also called rogue or stealth IT, exists in most offices. It refers to technology that employees use for business purposes, but which is not sanctioned by the IT department. In fact, the IT department may not even be aware that it’s being used. Employees are likely utilizing shadow IT for laudable purposes: to make their jobs easier and improve their productivity. But for those who are responsible for a company’s IT strategy, it makes their jobs harder. Worse, it can pose compliance and security risks to the business.
Shadow technology can take many forms, both hardware and software. Think about individual use of personal smart phones, tablets and USB thumb drives that have not been subject to a company’s security measures. Also common is the use of third-party applications such as Google Docs, Dropbox or Evernote. As individuals become more tech savvy and new technologies come to market daily, it’s not hard to envision a scenario where an employee or department wants to try something new to help them stay organized and improve communications on the job. It sounds fairly harmless, but there are some serious downsides.
Compliance: For businesses that are bound by regulations or corporate policy regarding how to handle data, including customers’ personal information, the use of non-sanctioned or non-secure software to store, share or transfer data is a big problem. Software licensing is also an issue that may need to be addressed.
Security: Similar to compliance concerns, if technology is being used that is not subject to security controls, the chance of infection by malware or other security breaches increases. Obviously the folks in charge of IT can’t employ security measures for technology they don’t know is being used.
Maintenance: Businesses build maintenance into their technology strategies, including replacing hardware and updating software. If this upkeep is ignored, problems can result.
Cost: Maximizing cost efficiency is a goal of all businesses. When employees or departments are going rogue on technology there may be missed opportunities for cost savings and unnecessary duplication due to lack of coordination or consultation with those in charge of the company’s technology plan.
Despite the downsides, the use of shadow IT is common. in fact, some 80% of workers admit to using cloud applications at work, often without approval. This is driven not only by the problems solved by new technology, but also the difficulty, or perceived difficulty, of getting official approval to try new things.
Banning shadow IT without getting rid of the legitimate reasons for its use is likely to fail. However, given the risks, it is important to get it under control. That means finding a sanctioned path by which problems can be reported and IT solutions can be vetted and adopted when possible, with the involvement of those in charge of IT strategy. Three tips for managing shadow IT include:
Educate: Educate employees about the risks of shadow IT. The use of technology without consulting the IT department is not necessarily nefarious, and may be done without much thought to or awareness of potential negative consequences. A little bit of education can help curtail undesirable employee behavior.
Evaluate: With the knowledge that employees will be attracted to certain popular technology solutions, a proactive approach is possible to get in front of rogue behavior. Evaluate commonly used technologies and provide a list of approved applications or devices and associated guidelines as part of an acceptable use policy.
Facilitate: The decision to skirt the IT department is more likely if employees perceive it as a roadblock instead of a gateway. Establish the IT department as a collaborator that helps employees get the tools they need in a way that protects company interests. Make it easy to report problems and allow the IT department to lead the way to acceptable solutions that meet the needs of all parties.