The first response to Shadow IT of many organisations is to put an end to it – or try to. Understandable, seen it poses a great risk for the organisation, but what if there’s a better way to deal with it? In this blog, I’ll tell you how you can use Shadow IT to your advantage and with that, significantly reduce these risks or even eliminate them all together.
Shadow IT: what and why?
In short, Shadow IT is all IT within an organisation that circumvent the IT department. It includes all kinds of IT, both hardware and software, and it mainly occurs when people go searching themselves for tools to help them with their work.
Imagine that from your IT department, you’ve received a laptop with a few applications on it, but not a single way to easily share files with your colleagues. If you would go through the IT department, in many cases this would mean that you’d have to file a request, they would look at several options, they’d select one, and you wouldn’t have a way to execute this task until this entire process is finished. Seems easier to just quickly create a shared Dropbox.
People want what they need, and they want it now. Running everything through the IT department is, unfortunately, usually not the quickest way to get it. For this reason, often people go looking themselves, no matter the consequences – which we’ll get back to later on. In a time where everything is shifting to the web, this is easier than ever, since many applications and tools are now web based and many of them are offered for free. This brings Shadow IT to a whole new level.
What’s wrong with Shadow IT?
It’s good that people go looking for better/more efficient ways to do their work. Because who doesn’t want their employees to be more productive?
The problem with this, is the fact that it happens behind the back of the IT department. Because what they don’t know about, they can’t control. This poses a great security risk for the entire organisation, because the IT department can’t be sure of the security of the used tools and devices. They also can’t do anything if it does go wrong.
This is also a major threat for compliance. As we all probably know by now, the rules and laws on using and storing (personal) data have become a lot stricter recently. If Shadow IT is used, the IT department will never be sure that they’re fully compliant. How can they, when they have no idea where all data is stored? And if it actually goes wrong, for instance because of a data breach, the IT department has no control at all. Because where was this data stored, and by whom? And which data was that exactly?
Besides the fact that Shadow IT poses a great security risk, it’s also not beneficial for the efficiency within your organisation. Ironic, since Shadow IT mainly arises due to people who go looking for more efficient ways to do their jobs. And that is exactly the problem: everyone goes looking themselves – independently. This results in everyone using different devices, systems, software, applications, storage locations and file types. And that’s even aside all the things just one person uses. So, chaos. This way, something that’s supposed to ensure more efficient work, results in even more unravelling, searching, lost data, double the work and other troubles.
What Shadow IT tells you
If it’s so detrimental to your organisation, why wouldn’t you just put an end to it? Yes, you want to get rid of Shadow IT, but simply denying people access, taking it away from them or blocking their access is counterproductive; it’s a many-headed monster, a hydra if you will: if you chop off one head, three will grow back. Take away one application from people, and they will find multiple others to take its place.
Shadow IT is a sign that apparently, people are not provided with what they need. Therefore, do not just try to stop Shadow IT, but offer them a better way. One that makes Shadow IT redundant.
Balance with an adaptive workspace
Shadow IT is a chance to take inventory of what people are missing, wanting or needing. Find out what people are using as Shadow IT and find an alternative you can offer in a safe and responsible way.
However, this doesn’t mean you should discourage people to go looking for new tools that could help them.
It’s important to find a balance between keeping control over the IT people use within the organisation and letting them free to find and use tools themselves. Between keeping data internally and using external tools, between personalisation and letting everyone work the same. This is possible within a digital workspace such as Workspace 365.
With Workspace 365, you combine all applications, information, documents, news and more in one safe and role-based environment, which is accessible from any device. By using the adaptive workspace, you create a balance between consistency and personalisation within your organisation.
For instance, you make sure that everyone collaborates safely and easily while keeping data secure with the Workspace 365 Document App, but you also make sure that people can personalise their workspace by adding their own applications. With the App Management functions, such as Conditional Access and Multi-Factor Authentication, the IT department easily stays in control, while also being able to quickly and effortlessly make new applications available for teams, groups and individuals when necessary.
Shadow IT is a challenge in itself, as well as a consequence of a larger issue within the organisation: how do you stay in control over IT, but also quickly and easily offer new resources and make sure that people will keep looking for new ways to improve (the efficiency of) their work? By combining everything people need to work in one safe and manageable environment.