Shadow IT is still a challenge for organizations. With the constant introduction of new productivity and communication tools, as well as the adoption and evolution of existing services, users are more inclined to collaborate outside of IT-sanctioned applications. It is often easier to share information using one of the apps already integrated on our phones than it is to upload it to a corporate system. But this can be risky.
Scared of Your Own Shadow?
Using a public cloud service to share what may seem like a mundane photo of a whiteboard covered in sticky notes, for example, could result in a company’s next wave of innovative ideas being stored in an insecure manner. Add to this risk the challenges of compliance and auditing, and shadow IT can become a big problem.
But unsanctioned cloud apps do enable users to be more efficient, which presents two problems. First, attempting to block access to unsanctioned services is a poor a long-term solution because people will find ways around whatever barriers you put in place. Secondly, we want our users to be efficient, and that may mean leveraging some of these cloud apps.
Building a Successful Shadow IT Strategy
It is important for IT leaders to be realistic about shadow IT, which includes everything from cloud services to bring-your-own-apps for mobile devices. It’s impossible to completely control what users are doing, but a successful strategy should include these three critical steps:
- Educate users on how to handle corporate data. Make sure they understand the risks of using public shared services and their responsibility to ensure that confidential, valuable or personally identifiable information (PII) is stored properly.
- Provide users with the tools they need. By offering a range of high-quality, approved apps, you decrease the need for users to look elsewhere.
- Monitor what’s going on in your organization. You need to have visibility into what services are being used, by whom, how often, for what sorts of data and how much it costs. Control access to insecure services and learn what users really need by looking at demand.
As users become increasingly tech-savvy, shadow IT will continue to exist. The potential risks can be managed with good education, alternative tooling and careful monitoring.