Have you ever used your personal Dropbox, WeTransfer or Google Drive to send a big file outside of your company because it was too big to send via corporate email? Have you ever installed Skype or created a Facebook page to get in touch with your customers without approval from your company? If the answer to these questions is YES, then you know exactly what Shadow IT is, maybe not by its name but you have definitely practiced it. In this blog we explore this topic a bit further and explain what you can do about it.
If not, you most likely have colleagues that use software that is not supported, and in some cases not even allowed by your company. As this paper shows, 80% of employees admit using non-approved applications in their jobs.
If you want a full definition of what Shadow IT is, Wikipedia explains it very well.
Why use non-approved or unsupported tools in your company?
Well, that’s very easy to explain. Most non-approved tools used have a couple of things in common: they’re very easy to use, convenient, and most importantly get the job done right away.
No barriers, no heavy IT-skills involved for employees to start using it.
Should you as a company prevent people to run their own IT?
Shadow IT is not a new phenomenon. It emerged since the early ’90s but gained more and more traction with the rise of Cloud solutions and more in particular with SaaS. Shadow IT got to a whole new level.
We believe that Shadow IT is definitely an enabler for innovation, but companies have to take the necessary measures in order to mitigate risks and minimise the implications it can bring.
Security risks & implications of shadow IT
Shadow IT brings lots of security risks and implications, both for business users and the IT department.
Here are the top 3 consequences of Shadow IT:
- Wasted time and investment
Shadow IT adds hidden costs to organisations. Business users spend a significant amount of time setting up and managing systems and software without experience, while IT departments invest time and means to deliver systems that might not be used organisation wide. - Higher risk of data loss or leaks
Since Shadow IT is not managed or audited by the company, there’s no clear procedure or guideline when for instance employees or even originators of Shadow IT leave the company with proprietary data. - Organisational dysfunction
Shadow IT creates dysfunctional environments, leading to greater gaps between business and IT departments, which in turn lead to significant management issues.
What can you do about shadow IT?
When some only see risks and threats of Shadow IT, others see OPPORTUNITY.
Companies that recognise the issues and risks, and take action upon it, can turn Shadow IT into their advantage.
Here are some steps you can take as a company in this process:
- Explore: instead of maintaining or adapting existing systems to business needs, have a look at managed service providers that allow business improvement.
- Be inclusive rather than exclusive: there is a wide variety of proven SaaS solutions out there on the market used by millions of businesses every day. Instead of blocking or limiting employees to a set of tools, set up clear guidelines and policies and collaborate with the business to find the best solutions out there.
- Embrace and exploit: new ownership and consumption models lead to new and better ways of getting the job done. Give people the tools they need to be productive and work more efficiently.
Shadow IT can pose serious risks to your business. We recommend every organisation to take a hard look at possible shadow IT risks within the company and to approach it as an opportunity instead.