Beating Shadow IT
Beating Shadow IT
What is it?
Shadow IT is essentially the name given to the use of applications or systems within the business without explicit approval from the business. In many instances, it’s about the actions of an individual, but it could be whole departments operating independently of the standard processes. The term “shadow” implies dark and threatening behaviour, which can be the case, but often it's used with little or no thought of the associated risks.
Why is it used?
Typically, shadow IT arises because users want to make their working lives easier or more efficient. Individuals bring experience from other working environments or by simply Googling their problem, identifying a work around and starting to use their solution.
Individuals’ changing attitudes to technology, the rise of BYOD and the blurring lines between personal and professional apps is all leading to the potential for a loss of control by IT. The employees joining your business bring more demands from IT now. They are the "app" generation, used to just getting access to what data they want, when they want it and from whatever device they want it from. Cloud apps in particular, pose a huge problem with many people using private email addresses for DropBox or OneDrive. USB sticks were the last generation’s problem for malicious or accidental data leakage, now we have WeTransfer!
An example might be a team of employees trying to collaborate on a project. The tools available to them within the organisation aren’t supporting their efforts, so one of the team suggests that he invites the others to his DropBox folder so they can share the documents they need to work on together. The team may well have a more efficient method of working on their project, but the data and intellectual property now exists beyond the security perimeters of the organisation, accessed by personal rather than professional email accounts which IT have no control over.
Why Shadow IT is a concern
The problem isn’t the use of applications per se, it’s the movement of data to those applications and therefore the loss of control of valuable data. Organisations spend huge amounts of money and invest time and people in ensuring they meet regulations with regards to data security. Shadow IT compromises the integrity of all of this.
Data should be under control - where is it, who has access to it, when and where.
Beating shadow IT using the LIMA Methodology
Educating staff and understanding their needs in turn is the first step. Be open about why data security is important and gain insight in to the reasons any applications are being used. It may be that you already have the solution implemented and users just weren’t aware! Do your users need access to data just from one location, the office, or on mobiles, laptops, from any internet connection? What data do they need access to, email, files, CRM, ERP and so on.
Provide solutions. Decide on the applications approved to give your users the efficient IT system they need with the tools do their job effectively, efficiently and with as few obstacles as possible.
Provide policies and deploy controls. Prevent users installing applications. Keep your data in locations that can be audited, access controlled but available to users. Deploy next generation or application aware firewalls so that you can inspect the data entering and leaving your network. Admittedly, it’s keeping on top of this that is the main challenge and the reason many organisations look externally for help. If this is you, then talk to us!
IT is an ever-evolving landscape. The Cloud is bringing more and more opportunity for working in new or different ways. It’s critical that IT teams keep talking to business users about needs and challenges and that budget is made available to invest in this form of innovation to keep pace. Our regular customer event agendas are designed to communicate what we think is important and new in the market to make it easier for our customers to identify what could have the most important impact on their organisations. Find out more about our next event here.