Why It’s Important to Stop Shadow IT in Your Business
Deploying IT services such as new software within a business can be a challenging endeavour. It’s a process that’s normally centralized and overseen by an organization’s IT department so that all the necessary considerations can be made. They are often responsible for identifying the right software based on the business’ needs and requirements, carefully planning, testing and executing the deployment, and having the necessary training and support in place for the end users so that they can use it effectively.
Cloud-based applications, however, can be convenient and quick to use without much effort. Unlike traditional programs that run directly on a PC, cloud apps are hosted online, and they can allow employees to store files and access their work from multiple devices and locations, easily collaborate and communicate with one another, access additional computing power, and more. They have become so popular, though, that many employees may start using them without telling their IT department, or considering whether they are safe to use.
The use of cloud applications by employees without the IT department knowing is known as “shadow IT,” and it can create a blind spot for organizations – bringing about potential security risks and unforeseen costs. While it might sound impressive, shadow IT can come about in very mundane ways. For example, an employee might use their personal cloud sharing account to quickly transfer large files to a colleague – without realizing that their business’ data could be vulnerable.
A recent survey by the Cloud Security Alliance asked IT and security professionals about the risks of shadow IT. The respondents’ main concerns were for the security of corporate data (49%), followed by potential compliance violations (25%), the ability to enforce policies (19%), and the use of redundant services creating inefficiency (8%). And 71% of respondents were at least somewhat concerned about the prevalence of shadow IT in their own organizations.
To stop the spread of shadow IT, organizations should consider the following:
Bring shadow IT into the light
An organization can find evidence of shadow IT by reviewing bills and expense reports that could show ongoing services being charged to the company. IT teams can also examine outbound traffic reports that show suspicious interactions with off-premises services. Some IT security providers can also help find shadow IT in your organization by performing a security assessment, and can even assess the general security of the apps being used in your organization or that you would like to use.
It’s also worth sending out a message to all employees asking them if they’ve been using external cloud apps or storing corporate data outside of the organization. It can also help identify if there are common apps being used, giving an IT department a better idea of employee needs.
Educate employees and managers on safe cloud usage
As mentioned, it’s likely that many employees don’t know they’re putting their company at risk when using unauthorized applications. It’s important for the IT department to develop clear policies on appropriate practices for handling corporate data, make those policies easily accessible, and reinforce them through regular internal communications.
And when it comes to using cloud applications securely, check out our recent blog post covering five best practices that employees can follow – and have these types of best practices communicated within your organization.
Ensure IT is responsive to the company’s needs
Employees and managers may deploy their own cloud services if the IT team often rejects requests without explanations or alternative options, or is perceived to take too long to respond to their requests. Even if IT deems a particular cloud service too risky, they can help to identify other apps that have the features and functions employees want – but with the necessary security in place. Ultimately, employees need to feel that their IT department is enabling them to do their jobs better.
Proactively offer the cloud applications employees need to be productive
Businesses can offer a wide variety of approved cloud services for their employees from a secure cloud provider so they aren’t compelled to seek out services on their own. This can include cloud-based unified communications services and email, Software as a Service (SaaS) applications like Microsoft’s Office 365 suite for improved collaboration and file sharing, and Infrastructure as a Service (IaaS) applications for on-demand cloud computing and storage.
The bottom line
The spread of shadow IT can be a result of an organization not informing employees and managers about the proper procedures when dealing with corporate data, or not providing safer alternatives to the cloud apps they’re tempted to use without telling the IT department. To curb shadow IT in your organization, work with your employees and your IT team to identify and roll out the cloud services your teams need to be productive.
Are there cloud applications you know your employees are using that your IT team is unaware of? And do you have questions about secure alternatives that you can work with your IT team to deploy within your organization? Let us know in the comments, below.