The idea of Shadow IT is definitely not a new concept to anyone. Originally, IT departments had to worry about teams and employees finding their own solutions, out of impatience for IT to play catch up. This would really just cause a mess, with different teams using different solutions, IT wasting business resources of both time and money researching, and purchasing solutions no one needs.
Before, IT departments were mostly worried about employees purchasing their own version of Microsoft Word form a store. Recently, however, IT departments began to worry about employees downloading different consumer apps — for example, using Dropbox in place of email for sharing files. But now, Shadow IT has evolved even further with the massive adoption of BYoD policies.
Teams bringing their own devices to the office, always accessing work files and documents on the go, adds a completely new aspect to the concern of Shadow IT. But leveraging these new trends can help boost productivity and limit security risks when the right policies and protocols are in place.
Tell Me More About Shadow IT
I want to explain the concept and its downfalls before we jump into the solution. While it’s nothing new, Shadow IT can still pose a large threat to almost any sized business. Without teams working on the same platforms and IT or managers capable of monitoring these platforms, your business could wind up with a costly mistake on their hands.
To get a technical definition out of the way, though, we can look to Gartner. According to the advisory firm, Shadow IT has a fairly simple definition:
“Shadow IT refers to IT devices, software and services outside the ownership or control of IT organizations.”
Essentially, any piece of software, or even hardware, that is NOT owned by your business but is used in the office and for work can be considered Shadow IT. If one team decides to use Slack internally, but keeps this decision separate from others or does not ask for permission from the IT department, this can be considered Shadow IT.
Where’s The Problem?
One may be thinking, “So what? They know what tools are best, let them use the best tools.” Well, in reality, this lack of cohesion can lead to numerous issues, and that’s even if IT or managers are aware of Shadow IT practices occurring. Most of the time, though, they are left in the dark — after all, it’s easier to ask for forgiveness than permission.
Like in the old school realm of IT, teams may be fed up and impatient with IT trying to build or find the right solution, so they use what they know in the meantime. Or, more recently with the introduction of BYoD, we get users utilizing their own devices, their own personal social media platforms, their own personal accounts for apps like DropBox, and they are accessing these platforms on the go.
And don’t think Shadow IT has disappeared. According to a study done by Skyhigh Networks on the concept of Shadow IT, the quality of these consumer apps have risen dramatically, so much so that they can stand as replacements for old school or inefficient business-focused solutions. This has overall lead to a rise in Shadow IT and, in turn, more and more IT departments being left in the dark, unaware of the issue at hand.
Going back to personal solutions for a second — if teams are already using DropBox because it is familiar and works well, they will continue to use it at work to get the job done. But it’s these inconsistencies that can lead to issues.
1) A Security Nightmare
If your IT team does not have secure control or monitoring over these platforms, who is to say your critical business information or files are not leaking out or being stolen from under your nose? If your teams are using insecure services, unencrypted communication platforms, or are just flat out downloading malicious software, your entire business could have a huge problem on their hands. Introducing new endpoints introduces new doors into your network.
In fact, Shadow IT could even lead to an unsuspected ransomware attack. If an employee is on the business’ network, using their personal phone to check their personal email, and opens an infected email attachment — well, that infection can now jump and control the entire network. This entire concept is actually why BYoD is considered a security nightmare. However, with the proper policies and inclusion, IT check ups, and security measures, BYoD can be incredibly beneficial.
2) Wasted Resources
One of the biggest downfalls of Shadow IT is the implication of wasted resources. If your business made an investment into an entire ecosystem, say Office 365 for example, it would make most sense for your teams to be using that platform to its fullest. However, if one team decides that Microsoft Teams isn’t a good alternative and starts using Slack instead, you are now not managing the full ROI on the Office 365 ecosystem.
This is exactly why it’s important for your business to find a Messaging or Collaboration solution that works best for everyone; you don’t want to just throw money down the drain on a platform no one is even using. Time is another incredibly valuable resources — even more so than capital, since it can never be regained. If your IT department spends six months researching a solution only to have no one on the team use it, they’ll turn into a clean up crew for the Shadow IT, and you’ll have lost a lot of time and money.
3) Inconsistencies in Business
With different teams or employees using different tools, you can absolutely expect different results. Now, a lack of consistency could be as simple as different teams using different Messaging solutions — say, one team using Cisco Spark and the other using Slack. If this happens, all you did was create an inconsistency that doesn’t even solve the issue these chat apps are supposed to. Instead of integrated internal communications, one team has to download a different app or rely on email.
Perhaps a bigger issue, though, would be the inconsistency that arises in critical business processes. If two different teams are using two different tools and methodologies to analyze the same set of data, it’s incredibly likely that the results will be different. If different teams are using different task management tools, then no one is on the same page, and there will be inconsistencies in project and task completion. These inconsistencies can add up and lead to a less efficient business overall.
4) Risk of Data Loss or Leak
As a follow up on our security threat, one major security threat brought on by Shadow IT is the possible loss or leakage of data. With teams using unsecured services that lack encryption, communications are susceptible to being intercepted. (There’s a reason Slack has been attempting to beef up its security, especially when compared to what Cisco did with Spark’s security.) More importantly, with everything now mobile and always connected, employees will be using these Shadow IT devices and platforms even when they’re not in the office.
One easy way to prevent this would be to set your employees up with a VPN to secure their mobile connections. However, this all falls apart if Shadow IT is taking over, because there won’t be a platform to utilize and build the VPN off of. How do you even ensure your team uses the VPN? The increased risk of data loss or leakage is probably one of the largest concerns brought on by Shadow IT.
Unify Teams with Unified Solutions
The quickest, simplest way to solve a Shadow IT problem is to introduce a single solution that works. The concept and recent trends of Unified Communications, and the solutions that are available, should ultimately prevent the need for Shadow IT. With one universal cloud platform that’s managed from one single portal, with all the features and apps you need bundled together, there isn’t much need for teams to use their own solutions.
Now, that sounds all fine and dandy, but if you recall my Office 365 example, just blindly adopting a cloud solution and expecting everyone to transition instantly is setting your hopes fairly high. However, that doesn’t mean the right solution isn’t out there — it just means your business needs to find the right one.
Add in some security and compliance policies, and it’s very possible to establish a secure, unified platform that fits the needs of every team and user in the business. SaaS apps alone can help by:
- removing the burden from IT departments
- establishing a single platform with security and compliance practices
- providing users with the tools they need that integrate and connect
- allowing for flexibility to grow or shrink a platform as the needs of a team change via cloud solutions
- providing a single central portal location for IT, or general managers, to monitor and ensure compliance
- decreasing costs by, for example removing the need to pay for a unique video conferencing solution
Now, transitioning from Legacy to the Cloud is not for every business. Some may benefit most from a Hybrid solution or even an in-house Cloud network and platform, but, overall, Cloud solutions would be moving your business in the right direction.
BYoD Is a Friend, Not an Enemy
I’ve written guides before on how to find the right solution for your team as well as guidelines for solving the security nightmare of BYoD. You can check them out to better understand how to move forward, but it’s key to remember that BYoD is not an enemy — it should be embraced. As we see, Shadow IT will happen because people want to use what they are most familiar with. This allows users to focus on the task at hand, not the logistics surrounding the task.
And don’t think just blocking all unauthorized apps or websites will work, because employees will generally find a way around these blocks, which further wastes the time and money of both departments. The idea here isn’t to prevent Shadow IT, but rather to embrace it. According to that same Skyhigh Networks report I highlighted previously, the concept of Shadow IT can actually be beneficial to a company if used properly.
Turning Shadow IT into a BYoD policy will allow your IT department to shed certain responsibilities and, in turn, allow them to focus on maintaining a secure network. Establishing a proper BYoD policy, conversing with the IT department or team leads, and utilizing tools like VPNs and encrypted communication platforms are small solutions that will go a long way.