Shadow IT — when users turn to unauthorised cloud-based apps to get their work done — is a significant issue for most organisations. Studies suggest that, on average, companies have at least 15 times more cloud applications running in the workplace than have been authorised by the IT department.
The use of shadow IT increases the risk of security breaches, threatens compliance in regulated industries and often wastes time and money. But smart IT managers recognise that users turn to shadow IT because company systems are failing them. The answer is not to try to block shadow IT entirely but to understand and manage it.
Here are five steps IT managers can take to reduce the risks of shadow IT:
- Identify which shadow IT apps are being used and who is using them. This may sound like a laborious task, but there are tools to help. For example, Softwatch OptimizeIT, a SaaS solution, lets organisations have a quick assessment performed on their network without installing servers or changing their infrastructure. It’s secure, lightweight and has an extremely low footprint on your network. It can detect all the applications used by your employees and identify those that are not approved by your corporate IT policy. The outcome of the assessment is an in-depth understanding of the organisation's usage patterns and user segmentation for all software applications and cloud services, including homegrown applications.
- Understand what data is being used and stored by these shadow IT apps. Are employees using a consumer file-hosting app to share company documents that contain proprietary information? Or are they simply sending cat videos to colleagues?
- Assess the business risks of shadow IT activity. Softwatch can sort applications by how much they're being used or look for particularly risky apps. It can identify which departments are using each app and provide a list of users, divided into light or heavy users.
- Control shadow IT activity to ensure compliance with corporate policies. That could include preventing users from installing certain apps on company devices (using the Managed Play Store if you're running Chrome Enterprise, for example) or blocking unauthorised apps on users' own devices from accessing your corporate network. But you should also consider whether there's something missing in your enterprise systems, or whether users need training in the tools they already have.
- Provide ongoing monitoring and assessment. An initial assessment will provide a baseline for taking action, but new apps are emerging all the time. Regularly using a service like Softwatch will help you identify new threats or new user needs and respond.
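
As an added illustration of the first three steps (this is not Softwatch's method or code), the sketch below flags unapproved SaaS domains in web-proxy log lines, totals the data sent to each, and segments users by department and by light or heavy use. The log format, approved list, department map and heavy-use threshold are all assumptions constructed for the example.

```python
from collections import Counter, defaultdict

# All values below are constructed for this example.
APPROVED = {"office365.example", "crm.example"}  # assumed sanctioned SaaS domains
DEPARTMENTS = {"alice": "finance", "bob": "sales", "carol": "finance"}  # assumed directory export
HEAVY_THRESHOLD = 3  # assumed: this many requests or more counts as heavy use
# Constructed proxy log: "<timestamp> <user> <destination host> <bytes sent>"
SAMPLE_LOG = """\
2019-08-01T09:00:01 alice files.fileshare.example 52000
2019-08-01T09:01:10 alice files.fileshare.example 48000
2019-08-01T09:02:30 alice api.fileshare.example 1000
2019-08-01T09:05:00 bob files.fileshare.example 200
2019-08-01T09:06:00 carol mail.office365.example 900
2019-08-01T09:07:00 dave notes.example 300
malformed line
"""

def parse(log):
    """Yield (user, host, bytes_sent) for well-formed lines; skip the rest."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) == 4 and parts[3].isdigit():
            yield parts[1], parts[2].lower(), int(parts[3])

def registered_domain(host):
    """Naive: keep the last two labels. Production code needs the Public Suffix List."""
    return ".".join(host.split(".")[-2:])

def shadow_it_report(log):
    hits = defaultdict(Counter)  # domain -> user -> request count
    uploaded = Counter()         # domain -> total bytes sent out
    for user, host, sent in parse(log):
        domain = registered_domain(host)
        if domain not in APPROVED:
            hits[domain][user] += 1
            uploaded[domain] += sent
    report = {}
    for domain, users in hits.items():
        report[domain] = {
            "requests": sum(users.values()),
            "bytes_out": uploaded[domain],
            "departments": sorted({DEPARTMENTS.get(u, "unknown") for u in users}),
            "heavy": sorted(u for u, n in users.items() if n >= HEAVY_THRESHOLD),
            "light": sorted(u for u, n in users.items() if n < HEAVY_THRESHOLD),
        }
    # Most-used unapproved apps first, so review effort goes where usage is highest.
    return dict(sorted(report.items(), key=lambda kv: -kv[1]["requests"]))
```

Running the same report on a schedule and comparing the set of domains against the previous run gives the ongoing monitoring described in the last step.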
Article updated August 2019
First published November 2016