WHAT IS IT?
Shadow IT put simply, is the use of non-approved software, hardware or processes by staff members without company knowledge to complete their work. Chances are, it’s happening right under your nose and could be putting your business at risk in many different ways.
WHY IS SHADOW IT A PROBLEM?
It takes a great deal of time and money to set up IT infrastructure to ensure that you don’t leave your business open to security, continuity or compliance issues. Software, Hardware and processes are chosen carefully and monitored for these reasons. So, if staff are opting to use applications or solutions the IT department is unaware of it can lead to significant issues as it is impossible for these things to be monitored and they are outside of the confines of protected networks and security systems.
It could be as simple as a staff member that is an Excel whiz, creating a spreadsheet to do quick calculation when a lengthy manual calculation has become part of their job and no other solutions have been made available. It makes sense to them as it makes their job much easier, and they are much more efficient. Then other staff find out, it gets emailed around, everyone probably thinks it’s not only harmless but incredibly helpful. However, the accuracy has not been checked by the correct people, and what happens when changes need to be made to the calculation, potentially quite often? How do you make sure staff are using an up-to-date version when you don’t even know it exists in the first place? This is an invitation to costly and constant errors.
Shadow IT can also be people walking around with portable storage such as USB drives carrying sensitive information with no proper care for security, online messaging services, alternative online email, online VOIP software, and much more.
These days one of the biggest problems is rogue instances of cloud-based SAAS programs (Software as a Service). These are applications and services that are delivered over the internet, so are easy to access and simple to turn to for quick solutions. SAAS applications are run on the provider’s server and so they are responsible for security, performance and maintenance. Your sensitive business data could end up stored anywhere and not necessarily in a secure way. Data can get spread across different cloud services and apps that you are entirely unaware of, leaving you open to security and compliance issues. Staff might set up these services with very simple or repeated and widely shared passwords.
Even if the service they use is secure, it can cause inefficiencies. For example, you might have a file sharing service set up, such as DropBox, but some staff choose to use a different cloud service, resulting in multiple versions of documents being created and circulated, making workflow inefficient and introducing the risk of the wrong versions of files being used. Other teams may not have access to what they need, and of course, should a staff member leave, you may lose access to the work they did.
WHY DOES SHADOW IT HAPPEN?
If you’re assuming Shadow IT happens because ‘bad’ employees just don’t care about the rules, think again, that can be a reason, but that is far from the leading cause.
Shadow IT can occur for a lot of reasons. In many instances, staff members may not even realise they are doing the wrong thing, they are simply being resourceful and getting things done in what seems to them the easiest or most sensible way.
It could be that all the correct software or solution is available, but some staff are unaware it exists. Maybe they don’t know how to use it properly, or perhaps what you are providing is simply inadequate.
Keep in mind that Technology is ever-changing, you need to keep up, and if what you have in place doesn’t meet the needs of your staff, they are likely to find a workaround. And why wouldn’t they? Let’s face it, in today’s fast-paced world, everyone is striving for work/life balance, and it is tough to achieve. Working smarter rather than harder is everything. If your staff perception is that they are working with inadequate IT systems and processes and they feel they will have far less time with their family because of this, then it will not come as a surprise that people will try and be resourceful and look for alternatives. If staff are facing working longer hours than necessary to complete a task and find an app that’s going to help them out, it’s very likely they will be signing up.
HOW TO DEAL WITH SHADOW IT:
As mentioned, staff may be unaware this is an issue, so the first step is comprehensive and ongoing training. Educate them properly AND have the correct tools in place, then there’s no need for them to look elsewhere.
Another important step is having a system in place where staff can request to have new software/hardware added to the approved list if they need it. Make this part easy, it will save you a lot of headaches. Some businesses have a hardline approach to Shadow IT, which still doesn’t stop it from happening, it also ignores that Shadow IT is actually generally highlighting that there is an issue within the business that needs to be solved rather than just shut down.
It can all sound pretty scary, but it truly isn’t all bad. In many ways Shadow IT can be seen as an opportunity for business growth. The vast majority of staff don’t want to be doing the wrong thing, they just want to get their job done as efficiently as possible. Consider why people are using other solutions. Is it actually shining a light on inadequacies within your business processes that need to be addressed?
Obviously, a big part of dealing with this is knowing it’s happening in the first place, the sooner problems are found the less harm they are likely to cause. It is important to be open to suggestions for changes and improvements from employees. They are the ones doing the work of your business, and possibly more aware than you might be of the efficiency impacts of the services and processes your business is using.
So, are there methods to identify shadow IT? Absolutely, there are many tools available, and importantly there are ways it can be done sensitively and without invading an employees’ privacy. Potential issues can be flagged which gives you the opportunity to have the possibly awkward but very necessary conversation with the relevant employees. Remember, once it is identified, take the opportunity to think about what it means how you can improve your business moving forward.
If you are not already actively seeking to identify Shadow IT within your business or you have concerns, contact us today to discuss your options.