Life on the go is a reality today, thanks to countless mobile devices that facilitate our daily activities. Whether you use a handheld device for business or personal matters, you're probably aware of those mobile ads popping up. Depending on your career, they can be a subtle invitation to text a certain number and participate in trivia to win cash prizes, or an SMS announcing new apps that you ...
Shadow IT is the term used for personal technologies (BYOD), applications and software or services supported by an external service provider, rather than an organization’s IT provider or technology department.
In recent years, Social, Mobile, Analytics and Cloud (SMAC) technologies have been central drivers of innovation (and disruption). Mobile and cloud services have given end users the ability to access data and perform their work functions from almost any location. As a result, business applications have moved from being behind the security of the company firewall to public software-as-a-service (SaaS) solutions for everything from accounting to human resources.
These technology trends have also resulted in the “consumerization” of IT, where end users expect a fast and easy-to-use mobile first experience. These expectations can cause frustration with legacy technologies that may not work as well for employees on the go.
End users gravitate towards the simplest solution. Why go looking for a work-related device when your cell phone or tablet is sitting on your desk? Thanks to the Apple App Store and Google Play Store, employees have access to literally thousands of apps they can quickly install and use to perform their job functions, all outside the network perimeter. So why is this a problem?
THE RISKS OF THE SHADOW
There are several issues involved with Shadow IT. Users choosing their own apps can expose businesses to security issues, take them out of compliance with legal guidelines, and unintentionally negatively affect other users in their business. Here are some of the ways Shadow IT can affect your business:
Security – Unsupported hardware and software are not subject to the same security measures as supported technologies. Without the ability to monitor and control application usage, software and applications that incorporate business data and integrate with existing business applications are at risk of cyberattacks and malware infections. This leads to lost time, lost productivity, lost revenue, and lost reputation.
Compliance – Shadow IT governance and compliance risks are extremely serious as sensitive data can be easily uploaded or shared. There are no processes to ensure data confidentiality or access policies if an employee stores corporate data in their personal DropBox or EverNote account. Violations resulting from failure to adhere to compliance guidelines can result in significant fines.
Workflows and processes – Technologies that work without the knowledge of an IT department can negatively affect the user experience of other employees by impacting bandwidth and creating situations where software or network application protocols conflict. Additionally, IT support teams may not be ready with answers or a resolution when end users have issues with unsupported tools. This slows down workers and creates additional stress on IT.
REDUCTION OF RISKS AND MAXIMIZATION OF BENEFITS
For all the risks Shadow IT presents, it also carries the potential for rewards. New apps can revolutionize processes and enable employees to work smarter and more efficiently. This requires a careful balance between management and flexibility.
Most end users do not equate the use of certain apps or devices with extreme consequences. This is where IT needs to be flexible and communicate well. Instead of telling end users that they can only use one system to work, clearly describe what kind of data is okay to work on in unsupported applications and what data should remain safe on your supported network. Be sure to identify permitted uses in your Acceptable Use Policy.
The time has come to get past the denial stage of Shadow IT and communication is key. Educating end users and providing clear and concise information usage guidelines can help you develop enforceable limits. Take the time to understand the processes and the needs of the employees. Research and employ solutions that address those needs, both current and future. This, combined with a strong cloud and SaaS application strategy, puts you in control of your end users and data.