Shadow IT is a real problem in the modern workplace. In this episode of Defrag This, we explore the reasons users turn to the dark side, the risks of unsanctioned IT stacks, and some of the solutions IT teams can use to curb Shadow IT.
Nothing frustrates and cripples IT more than users going rogue.
Joe from marketing thinks the company-approved internet is slow, so he sets up his own WiFi, away from the IT-approved network. Sara from finance decides to use non-approved cloud storage for personal info of employees, exposing private data. Larry uses his own home laptop because the work computer “has too many restrictions,” causing compliance issues.
All these are cases of Shadow IT, and these issues cause headache after headache for IT teams around the globe, especially in the age of BYOD policies.
Together, these two IT gurus bring over 25 years of IT experience. Adam is an IT Operations Manager, and also a freelance writer-- you can find his work at AdamFowlerIT.com. Billy is an IT veteran who specializes in data center monitoring and automation, and he also blogs at systemcenterautomation.com.
You can listen to the full show above, or read on for the CliffNotes version.
What Causes Shadow IT?
Adam noted, that, “sometimes, going to do it themselves is the option they choose.” But Why does one choose to lurk in the dark of Shadow IT? The reasons can be varied, said both Billy and Adam.
If an IT department has become overrun with work, because of say, a personnel reduction or other issue, individuals become frustrated with how long it’s taking for their issues to be addressed. This can create an erosion of trust between IT and others, so individuals will then often take matters into their own hands. While these ideas may seem good in the moment, Shadow IT can often cause bigger problems later.
Another reason some become disillusioned with IT, is they may simply not understand the amount of rules and regulations IT is under. IT is following many guidelines set either by the organization itself, as well as those regulations set by various governmental agencies.
And, Billy added, there are still others who simply want their own control and think they know better than IT. “I’ve also run across people who just don’t want to follow the rules.”-- Billy York
IT is Here to Help
When it comes down to it, IT is in the business of enabling end-users, Billy said. If IT isn’t assisting end-users in their goals and finding useful solutions for them, then IT is probably doing something wrong.
Adam agreed -- IT is in the best position to make the most informed opinion on the risks associated with a particular solution. There are many factors involved with a single proposed solution -- security, compliance, etc.These are all issues IT should have the most information on. So, when an end user iis considering a certain solution, they should always loop in IT. “It ultimately comes down to risk management.”
Shadow IT Within the Clouds
What’s one of the largest Shadow IT culprits? The cloud.
Unauthorized usage of cloud-based programs, such as Google Drive or DropBox, can cause compliance issues with federal privacy acts, as well as security issues for the organization’s network. So, how does an IT team tackle the Cloud?
Firstly, Billy noted, you can restrict users’ ability to install some of these programs; there are rare instances in which an end-user truly needs administrative access to install solutions at-will. Restricting administrative access is a great start.
Adam drew on his experience in Australian IT and suggested application whitelisting for your organization. Create a list of approved solutions for your organization’s network.
Beating Shadow IT
We asked both our guests what their advice was to IT teams on how to handle a Shadow IT within their respective organizations. Here are those answers:
Billy said to focus on the end-user and their needs. Find a solution on what they’re attempting to accomplish. Ensure the solution is one that IT can support, and the organization approves of. “Try to understand what the user needs, and come out with a solution IT can support.”
Adam agreed, and noted that Shadow IT issues “usually come down to communication.” Ensure an open-door policy with the IT department. If individuals find useful, helpful solutions for their concerns within the realm of the IT department, personnel will continue to come to IT, hopefully at the beginning of their needs.
Shadow IT is lurking in the dark corners of many businesses and organizations, haunting IT teams. Unauthorized technology solutions can expose your organization to security threats, and inadvertently cause compliance issues with various regulatory agencies.
To solve these issues, IT needs to foster trust with others, understand their needs, and offer useful, organization-approved solutions.