Why you need to learn to love shadow IT

‘Shadow IT’, the concept of employees using all manner of technologies for work regardless of IT’s approval, is nothing new. First established over thirty years ago with the introduction of client-server computing, Shadow IT is now firmly back on the agenda thanks to the rise in enterprise mobility, shining a light on what some CIOs believe to be their biggest security challenge.

The popularity of iOS and Android has inspired some wonderful consumer apps, many of which are incredibly useful at work - so useful that employees are often willing to use them regardless of their IT department’s regulations. Unsurprisingly, this presents a huge problem for CIOs, 58 per cent of which believe that Shadow IT has the potential to undermine their role entirely.

We’re well and truly in the age of ‘Consumer IT’, so it’s no surprise that 44 per cent of employees are happy to download their own apps regardless of the IT department’s guidelines. The impact of this is a wider enterprise shift towards mobile, as CIOs begin to reconsider the traditional PC model.

A game of ‘whack-a-mole’

Shadow IT presents CIOs with a choice; either restrict use of unregulated IT services, or acknowledge their increasingly important role in a Mobile First organisation and adapt to the new landscape. The former seems to be the modus operandi for many, as restriction may seem more manageable, in theory at least.

In practice, this is often a challenge. Managing employee use of unsanctioned apps can be likened to a game of ‘whack-a-mole’, as limiting the use of one app will often prompt employees to start using another. With as many as 88 per cent of apps in use still outside of IT’s regulations, CIOs have their work cut out for them if they choose to restrict Shadow IT outright.

Keeping your data secure

CIOs would be well advised to adopt a more progressive approach. Shadow IT highlights those areas in which IT is falling short of the needs of the employee. It should be viewed as a valuable asset, not as a threat. With a more progressive approach, CIOs could implement regulations that actually support Shadow IT initiatives, helping them to understand employee grievances to achieve the right solutions.

The use of personal cloud services to store corporate data is a good example here. The IT department is unlikely to ever have full control over a personal storage app, so it may be better served by focusing on securing the documents themselves rather than the storage repository. By separating the security method from the file’s location, documents can remain secure at the file-level regardless of where they are transferred. This reduces issues around Shadow IT by allowing employees to use their preferred storage solutions, while avoiding potential security hazards.

Putting the employee first

The user of consumer apps in the enterprise is a part of a much broader trend. We’re witnessing an industry-wide shift to a Mobile First model of computing in which user experience comes first as employees are able to choose their own device, operating system and apps depending on their specific needs.

This environment also features a different approach to security. For all of its merits, the PC was built on an insecure open file system, forcing the CIO to focus on restriction as the core security approach. Mobile operating systems employ a ‘sandboxed’ approach, restricting the ability of apps to share data with one another and enhancing security in the process - particularly useful when addressing higher levels of demand for new apps and enabling user choice. As a result the security model changes from one of restriction, to one of responsible enablement.

Consumerisation of IT isn’t likely to go anywhere - the range of consumer technologies available to employees will only increase. CIOs that choose to fight against this trend will be facing an uphill struggle. It’s now time for progressive CIOs to use Shadow IT to their advantage, turning it from a security nightmare to a valuable asset for boosting employee productivity.

by Ojas Rege, VP Strategy at MobileIron