February 19, 2016
Once upon a time, technology was something special, something rare. It was very difficult for the average employee in accounting or sales to discover, acquire, and implement a new technology solution for their department alone. Instead, they would need to depend on the professionals in the IT department to provide these resources, and upon implementation, the technology in use within an organization would be documented, configured, and approved before released to the employees that need it.
Today, things are quite a bit different. Any employee in the enterprise can download a Software-as-a-Service (SaaS) app in under a minute and begin using it immediately without IT ever knowing what happened.
When an employee or department downloads their own technology tool without the approval of IT, it’s called Shadow IT, and it can be an absolute nightmare for the company’s proprietary data and network security.
Shadow IT: Where It Comes from and Why It Is a Threat
Shadow IT occurs naturally and with the best of intentions. It is just what happens when a technology solution is useful, easily accessible, and seemingly safe. To the non-technical employee, there isn’t a single downside to simply finding an app on the Google Play Store and downloading it directly to their company phone, laptop, or tablet.
These employees neither realize the security risks and complications unsanctioned technologies can pose to the environment. Without uniformity and compatibility among technology, departments may become siloes of productivity that are unable to share files, collaborate effectively in meaningful ways, or worse. If a department needs storage space, they may go to a public cloud provider like Amazon Web Services (AWS). Suddenly the expensive storage array purchased by IT is no longer needed. With a swipe of a credit card, they could cause issues for IT. From security breaches, to not being able to plan for resources, to accidentally shutting down the network because IT wasnt ready for the surge in information from a large webinar, Shadow IT can have devastating effects.
So how do you fight it? Technology is everywhere. Employees can access them in seconds. How can you stop something so pervasive?
How to Combat Shadow IT
The first instinct of an IT director may be to simply ban it, bring the hammer down, and forbid non-sanctioned applications from ever traversing the network. It seems like a logical course, but such authoritative measures are going to drive the use of these applications further underground. Professionals want to do their job, and they won’t let the IT department stand in their way if they see a solution. That is precisely why Shadow IT starts in the first place.
Employees will immediately begin to seek out their own solutions if the IT department is seen as an obstacle instead of a resource. Long waits, bureaucracy, and seemingly arbitrary denials will inspire the rest of the company to take matters into their own hands.
Aggressive, negative tactics like a ban will only further this concept of IT as an obstacle. As an IT director, you need to find out what these apps are and either provide an approved alternative or find a way to bring these apps into the fold. To do that, you’ll need a lighter touch.
The Full Pardon / Transparency Approach
If the goal of the IT department is technology transparency, why not be transparent about your intentions? Announce to the organization that you are aware this is happening and ask that departments using any unapproved applications inform the IT department.
That sounds like a tall order at first. To pull this off successfully, you will need to be clear about a few things:
- Be clear as to what kind of apps are not approved by the IT department. List examples.
- Be clear as to why Shadow IT can be harmful to the company.
- Be clear that there will be absolutely no repercussions for anyone involved.
- Be clear that the objective is to find ways for the department to use the app safely.
Once you have a full picture of what your Shadow IT situation looks like, you can then work to ether adopt or forbid on an app by app basis. For those apps you do forbid, be sure to provide an alternative that will serve as an equal or greater solution.
The App-Guru Approach
People like choices, and while there may be multiple apps to accomplish the same sort of task, there are little differences in style, aesthetics, and functionality that will cause someone to prefer one app over the other. With the App-Guru approach, the IT department must change its image from the overseers of all things technology into helpful app-aficionados.
Under this new label, the IT department can position itself as internal IT consultants for their own company. If the marketing department is in need of a third party file sharing application, they can contact IT who will promptly provide a list of approved and vetted options for them to choose from. This requires a distinct shift in company culture. The provided list must not be interpreted as “What IT will let you use,” but rather as “the best apps to solve your problem.”
This approach directly addresses the key reason Shadow IT exists in the first place, the IT department is perceived as an obstacle instead of a resource.
To pull it off correctly, you will need to be mindful of two things:
- The IT department has to be fast. In order to stay helpful, the IT team needs to give their recommendations very quickly or the coworker may just pick something on their own.
- The IT department must be open to suggestions. If a department recommends an application, devote some time to researching it and return with an analysis.
Like what you read?
About Mindsight
Mindsight, a Chicago IT services provider, is an extension of your team. Our culture is built on transparency and trust, and our team is made up of extraordinary people – the kinds of people you would hire. We have one of the largest expert-level engineering teams delivering the full spectrum of IT services and solutions, from cloud to infrastructure, collaboration to contact center. Our highly-certified engineers and process-oriented excellence have certainly been key to our success. But what really sets us apart is our straightforward and honest approach to every conversation, whether it is for an emerging business or global enterprise. Our customers rely on our thought leadership, responsiveness, and dedication to solving their toughest technology challenges.
For Further Reading: