Shedding light on the murky world of Shadow IT

shadow IT

Research conducted by Frost & Sullivan suggests that over 80 per cent of employees use non-approved Software-as-a-Service (SaaS) applications in their jobs.

The development of Shadow IT has grown more out of necessity than anything else, as increasingly tech-savvy employees seek to introduce their own solutions to specific line-of-business problems. There are a multitude of reasons for the prevalence of Shadow IT, which are critical to understanding its creep and what the CIO can do to alleviate it.

Firstly, human beings are naturally inclined to gravitate towards the easiest route possible in order to get their work done and the use of applications in the workplace is no different. For example, with many file-sharing applications such as Dropbox available across both the personal and professional space, it is inevitable that the two spheres would cross over. Nearly half of all employees surveyed by Frost & Sullivan revealed that they were more comfortable with using unapproved applications within the enterprise as they let them to get their jobs done quicker and easier.

Secondly, the advent of Bring Your Own Device (BYOD) has opened up access to a range of unapproved applications on personal devices that can cause huge problems for IT departments. The problem for the IT department is how to monitor and control personal devices and how best to appropriately access those and limit the access possibility to professional data.

Finally, the rapid development of cloud computing has created a new avenue for employees and entire departments to easily circumvent internal IT. With access to the cloud possible through any virtually device, individuals can often access and share documents without going through the proper channels and programs.

The rapid rise of Shadow IT is giving CIOs major headaches. The biggest concern for IT departments is the potential security threat that lurks. The use of unauthorised apps by employees often goes unchecked and unmonitored, and as a result, many firms are experiencing negative consequences from these unsanctioned behaviours. This ranges from a loss of control of documents to information security breaches, data loss and non-compliance issues. According to research M-Files conducted in 2014 some 25 per cent of employees say their company has experienced information security breaches, data loss, non-compliance issues, loss of control over documents through employee use of personal file sharing and sync tools.

The fact that so many employees are willing to use unsanctioned apps points to one thing. Somewhere along the line the needs of the employee are not being met by the existing IT solutions made available to them.

When employees find themselves spending too long on simple, straightforward tasks, such as locating and sharing files and documents, they are likely to look for alternatives that can make their lives easier. The perception is not that their actions will damage the company, or invoke any malicious behaviour from the employee but that their method is quick and simple for getting the task complete.

There are a variety of other reasons as to why individuals turn to unauthorised apps. Without a formal policy on the sharing of files, employees are left with no clear structure on securing and controlling content. Our own research has found that 56 per cent of employees said their company do not have policies in place that prohibit the use of personal file sharing and sync solutions for storing and sharing company documents. A further 14 per cent said they did not know if their company had such policies in place in the first place. These factors coupled with inadequate existing approved software are creating an environment where Shadow IT is becoming much more common in the enterprise.

So how can IT departments combat the growth of Shadow IT? Discovering and understanding some of the unmet employee needs can help to reduce the risks associated with unsanctioned file sharing. With on-going communication between managers, tech support teams and office support staff the shortcomings that employees must overcome can be discovered and a system can be implemented to address these issues.

Educating employees on the dangers of unauthorised apps is vital to helping combat the growth of Shadow IT within an organisation. Employees should be made aware of the potential risks both they and the company face when using unauthorised apps or file sharing. Once employees have been educated on the risks related to Shadow IT, a formal policy can be developed and implemented, one that is inclusive of – but not limited to – file sharing and sync solutions.

Employees should be provided with an alternative system that ensures fast and simple file sharing, but also allows management and tech teams to maintain control and security. One way of doing this is through the use of leading Enterprise Information Management (EIM) solutions to provide the simplicity that employees desire, but the control IT departments require. EIM software can help simplify processes in a variety of ways. For example, with metadata-driven EIM solutions, content classes can easily be determined for identifying what content can reside in the cloud while ensuring confidential information remains on-premises behind the firewall. This helps to reduce the number of documents that can be shared freely over unsecured networks and devices. With EIM solutions, enterprises can ensure that a single, central copy of each information asset can always be found quickly and easily as well as ensure that it is protected with appropriate security and access controls. This helps to reduce the creation of duplicate documents, such as those sent to multiple individuals for amends and approval.

While Shadow IT is prevalent in many organisations, the tools to combat it are readily available. Through the use of EIM solutions, collaboration and file sharing is made much simpler for employees while reducing the risk of unauthorised apps and file sharing. CIOs and IT departments must also make it their priority to raise employee awareness on the dangers posed by unauthorised apps and provide a suitable solution.

Julian Cook, Director of UK Business at M-Files