From the dawn of BYOD and the millennial workforce, shadow IT has had an ever increasing impact upon organisations on a daily basis. Just as the name suggests, shadow IT refers to free or paid applications that employees use in the shadows of the IT department’s knowledge or approval. Not only have these applications not been authorised, controlled or supported by the internal IT team, but often they aren’t in line with the organisation's requirements for data management, security and compliance. However, many consider shadow IT to be an important source of innovation, enabling employees to work in an efficient manner that appeals to them and can lead to a prototype way of working that benefits the entire business.
Shadow IT can lead to innovation but also lead to risk. It is a balancing act for businesses, with each individual organisation needing to decide just how far they reside along the risk curve. By allowing – or at the very least turning a blind eye to – shadow IT, new working processes that can benefit the wider business may be found. However, shadow IT can also be a security nightmare. Especially when you consider that those members of staff who are likely to use their own solutions will inherently be from the generation of risk takers who are inherently less concerned by the need for all-encompassing security measures. So, how can businesses protect themselves from this laissez faire attitude to risk and how should businesses decide their own risk profile?
BYOD – the first stepping stone to flexible working
In some ways, bring your own device (BYOD) is the one to thank, or blame for shadow IT. Allowing personally chosen devices in the work environment has also led to the adoption of employee chosen applications to access or manage corporate information and data. The general consumerisation of IT and the trend for staff to bring in their own devices has meant that every employee is now a potential user of shadow IT, easily deploying mobile applications. It is no longer just rogue, tech-savvy staff wanting their own tools. Shadow IT has now become a broader issue.
A starting point for businesses wishing to mitigate the risk, is to ensure that their acceptable usage policies are updated to cover the modern day business, and incorporate such trends as home working and BYOD.
Shine light upon the shadows
According to Atos, 36 per cent of shadow IT purchases are being spent on file sharing software, 33 per cent on data archiving, 28 per cent on social tools and 27 per cent on analytics. Often, purchases are driven by impatience with the IT department, with the primary reason for shadow IT cited as the IT department’s inability to test and implement new capabilities and systems in a timely manner, thus smothering creativity and productivity.
The trend for businesses to move core processes to the cloud – and staff’s general acceptance of it – has also accelerated the prevalence of shadow IT, whilst at the same time made it harder to monitor. According to a recent survey conducted by Fruition Partners of 100 UK CIOs, 60 per cent of respondents said there is an increasing culture of shadow IT in their organisations, with 79 per cent admitting that there are cloud services in use that their IT department is not aware of.
A force to be reckoned with and embraced
It is wrong to discuss shadow IT without examining the benefits it can bring in innovation. A recent Frost and Sullivan report entitled The New Hybrid Cloud showed that 49 per cent of staff are comfortable using an unapproved application, because using them helps staff “get their job done more quickly and easily.”
The rise of shadow IT may actually inject a healthy dose of innovative thinking into organisations, so shouldn’t be disregarded from the start. The ability to test new approaches to business problems that could have a positive impact on the bottom line, is vital to employees at all levels. If they are encumbered by the need for permissions, or for budget approvals to get to the technology they need, things can stall at a time when market conditions change quicker than ever. Not to mention, shadow IT applications are often far cheaper than their ‘official’ counterparts procured through the IT department.
Embracing change to encourage innovation
Some of the world’s largest companies are discovering that instead of trying to drive out shadow IT, it is best to embrace it as part of a wider culture of innovation. Adriana Karaboutis, VP and global CIO of Dell recently said: “I don’t chase shadow IT, I chase innovation. When you work in a technology company and have 110,000 best friends that understand technology well and probably even better than you do, you have to be out there working, listening and determining how you can create even more value for the employees and customers that you serve as opposed to being defensive about owning IT.”
I would tend to agree. The onus on forward-thinking businesses shouldn’t be on stamping out shadow IT, but rather encouraging employees to adopt and get the most out of their tools of choice in a secure and productive fashion.
Especially since the advent of shadow IT – and the exponential rise of cloud applications – organisations need to be able to monitor an individual’s data flow at the most basic level, regardless of whether users are in-office or mobile. Solutions such as cloud application control (CAC) can provide businesses with this visibility and the ability to discover, analyse and control all the information staff are accessing or sharing – whether across authorised or unauthorised applications. It is about managing security risks without stifling innovation. By ‘following the user’, businesses can ensure that employees are safe and secure at all times, whether they are using authorised applications or those from the shadows.
Ed Macnair, CEO, CensorNet
Image Credit: Shutterstock/Stefano Tinti