{"id":10770,"date":"2017-02-07T10:29:15","date_gmt":"2017-02-07T16:29:15","guid":{"rendered":"http:\/\/www.mrc-productivity.com\/blog\/?p=10770"},"modified":"2017-02-16T16:11:58","modified_gmt":"2017-02-16T22:11:58","slug":"7-steps-to-prevent-shadow-it","status":"publish","type":"post","link":"https:\/\/www.mrc-productivity.com\/blog\/2017\/02\/7-steps-to-prevent-shadow-it\/","title":{"rendered":"7 steps to prevent Shadow IT"},"content":{"rendered":"

\"Education\"Summary: A rapidly growing trend, “Shadow IT” is the use of unapproved IT systems and solutions within organizations. End users are increasingly bypassing IT in favor of third party solutions and services. However, stopping Shadow IT isn’t as easy as flipping a switch. In this article, we explore the steps you must take in order to prevent Shadow IT in your organization.<\/em><\/span>
\n<\/a>
\n

\"photo
photo credit: PublicDomainPictures<\/a> via pixabay<\/a> cc<\/a><\/figcaption><\/figure><\/p>\n

Shadow IT is not a new trend. But, it\u2019s been steadily growing over the past few years–unbeknownst to many businesses. In fact, few business leaders realize just how prevalent it actually is. <\/p>\n

How bad is it? According to one report<\/span><\/a>, the use of Shadow IT is 15-20 times higher than CIOs predict.<\/p>\n

In other words, if you think your company doesn\u2019t have a Shadow IT problem…think again. By its very nature, Shadow IT grows without you realizing it. For all you know, it could be running rampant in your company. <\/p>\n

Why is this so bad? I won\u2019t get into all of details, because most businesses are probably well aware of the risks by now. When left uncontrolled, Shadow IT can open up your business to data privacy, compliance, and general security risks. <\/p>\n

The big question:<\/strong> How do you prevent these problems? How can you control Shadow IT? <\/p>\n

The answer:<\/strong> It\u2019s complicated. <\/p>\n

You see, preventing Shadow IT isn\u2019t as easy as flipping a switch. It\u2019s not exactly cut and dried. It\u2019s a complex topic that you must handle with care. <\/p>\n

So, what\u2019s the answer? Today, let\u2019s explore a few steps you must take to prevent Shadow IT in your organization.<\/p>\n

1. Understand the problem<\/h3>\n
\"photo
photo credit: Marco Bellucci<\/a> via photopin<\/a> cc<\/a><\/figcaption><\/figure>\n

When business leaders first discover they have a Shadow IT problem, many respond with anger. After all, their users are bypassing the IT department. They\u2019re creating security risks that could damage the company. This must be stopped! <\/p>\n

The problem is, responding in this way won\u2019t prevent Shadow IT (and may make it worse). <\/p>\n

Why? <\/p>\n

Because Shadow IT is a symptom of a larger problem: Why are users bypassing IT in the first place? Trying to stop Shadow IT without first answering that question is a lesson in futility.<\/p>\n

\n\u201cBefore even attempting to put a stop to shadow IT, businesses must first ask themselves why their employees are so reluctant to use the technologies provided for them,\u201d says Tom Pressley, the Director of Marketing at Fuze<\/span><\/a>. \u201cFuze\u2019s research shows that 48% of workers feel that their employers don\u2019t provide adequate technologies, making their day-to-day work less effective. 69% also agree their workplace tech is behind that which they use within their personal lives. Given this disconnect, is it any wonder that employees are circumventing the IT department and using their own apps and devices?\u201d<\/p>\n

\u201cClearly, the problem for businesses is not stopping shadow IT, but rather identifying flaws within their own technology\/communications infrastructure that are forcing employees to use their own personal alternatives.\u201d\n<\/p><\/blockquote>\n

2. Engage the users<\/h3>\n

While Shadow IT may appear malicious, that\u2019s generally not the case. Employees are just trying to get their job done in the most efficient way possible. Shadow IT often provides the simplest path. <\/p>\n

The first step in Shadow IT prevention: Communication. Engage the users. Understand what tools they\u2019re using, and what they\u2019re trying to accomplish. Ask them why they\u2019re not using the tools you\u2019ve provided (assuming you\u2019ve provided similar tools). <\/p>\n

What\u2019s the best way to go about this?<\/p>\n

Start with a simple survey. You\u2019d be surprised at how many unauthorized tools you\u2019ll uncover, simply because the employees didn\u2019t realize they were practicing Shadow IT. <\/p>\n

\n\u201cOne successful idea is for IT to engage the users,\u201d says Greg Kelley, EnCE, DFCP, CTO and Founder at Vestige Digital Investigations<\/span><\/a>. \u201cFind out from the users what it is about Shadow IT services that are making their lives easier. Then IT can see what they can implement or change so that the Shadow IT processes are no longer attractive. This effort is one of collaboration between IT, management and the users. Management needs to understand the issues with Shadow IT (namely, losing control of their data), encourage IT to look for solutions and enforce the company policies with the users.\u201d\n<\/p><\/blockquote>\n

3. Eliminate bottlenecks with self-service options<\/h3>\n
\"photo
photo credit: weinstock<\/a> via pixabay<\/a> cc<\/a><\/figcaption><\/figure>\n

One reason users turn to Shadow IT: To avoid bottlenecks. In their opinion, the IT department doesn\u2019t deliver solutions fast enough. They put in a request to IT…and wait. <\/p>\n

Here\u2019s a common example: In many companies, reporting runs through the IT department. However, this process often takes days or weeks. Users eventually get tired of waiting, and find their own reporting solutions.<\/p>\n

How can you eliminate these bottlenecks? <\/p>\n

Offer controlled, self-service options. For example, you could create a portal with approved solutions that users can download and use when needed. This eliminates the approval process bottleneck, and lets them start using secure solutions immediately.<\/p>\n

Or, another popular example: Offer self-service development platforms. These platforms let end users create their own custom solutions (like reports, dashboards, data lookups, etc\u2026) without coding. Now, they obviously can\u2019t replace all development efforts, as the IT department must still handle complex projects. But, as explained below, offloading these simple development tasks to the users will save time for all involved.<\/p>\n

\n\u201cOne way IT departments are addressing the Consumerization of IT and the related problem of Shadow IT applications is by making \u201cin-house\u201d provided services easier to use,” says Kevin Coppins, General Manager of the Americas at EasyVista<\/span><\/a>. “Repurposing enterprise-grade ITSM tools and their underlying ITIL best practices across the enterprise has been happening for years. Giving the actual business functions a code-less development platform to build and provision \u201cConsumer Like\u201d purposeful applications leveraging enterprise ITSM creates the win-win. Employees in governance-heavy enterprise environments now get the personalized service they need. The IT department becomes an enabler for change rather than a bottleneck to progress.\u201d\n<\/p><\/blockquote>\n

4. Ensure Awareness<\/h3>\n

Another big reason for Shadow IT: Employees are unaware an authorized solution exists. <\/p>\n

It\u2019s a common problem. The end users don\u2019t know where to find IT-authorized applications to meet their needs. Or, they don\u2019t know such applications are even offered by their company. So, they find their own solutions.<\/p>\n

Preventing Shadow IT often comes down to improving awareness. If your business has already licensed the tools your users need, make it painfully obvious. Make sure they understand what each tool is, what each one does, and where to get them. <\/p>\n

What\u2019s the best way to do this? As explained below, a simple document outlining common activities and the associated IT solution is all most companies will need.<\/p>\n

\n\u201cEnsure that all employees are aware of everything that it is currently available through or recommended by IT,\u201d says Nic Grange, CTO of Retriever Communications<\/span><\/a>. \u201cIt could be as simple as having a document with a table that lists all the common activities that employees might do, the respective IT solution and how\/where an employee can access this. As an example, the activity might be to \u201cshare files between employees\u201d, the solution might be to use Microsoft OneDrive and employees can access it through their laptop\u2019s SOE or download the app onto their mobile device from the app store and use their existing Active Directory credentials.\u201d<\/p>\n

\u201cThey would need to also have a process where other activities can be added and even if there isn\u2019t a clear solution yet, they should at least formulate some guidelines.\u201d\n<\/p><\/blockquote>\n

5. Educate your users<\/h3>\n
\"photo
photo credit: jarmoluk<\/a> via pixabay<\/a> cc<\/a><\/figcaption><\/figure>\n

Yet another big reason for Shadow IT: Ignorance. Employees aren\u2019t aware of your Shadow IT policies, or of the risks associated with it.<\/p>\n

As I mentioned earlier, users are just trying to do their job. They view Shadow IT as the fastest route. But, they don\u2019t consider the security risks because they don\u2019t realize the risks exist. Or, they don\u2019t realize they\u2019re breaking company policies because they don\u2019t realize those policies exist.<\/p>\n

As explained below, this is one of the common reasons why employees adopt Shadow IT in the first place. Setting up clear policies and educating your users about potential risks is a major step towards prevention.<\/p>\n

\n\u201cOne of the biggest drivers for employees adopting Shadow IT is that they’re unaware that it is against company policy and unaware of the potential issues that it can cause,\u201d says Dr. Markus Schumacher, CEO of Virtual Forge<\/span><\/a>. \u201cThey say that the best offense is a good defense, and that saying really rings true for Shadow IT. CIOs need to ensure that employees understand what shadow IT is (including common examples) and how it should and shouldn’t be used. This policy should be easy to understand for employees that aren’t technologically savvy and it should clearly spell out the steps that employees should take if they are using Shadow IT and need to work with the IT department to get outside software approved.\u201d\n<\/p><\/blockquote>\n

6. Provide a grace period<\/h3>\n

Okay, so let\u2019s assume you understand what solutions the users need and have provided them with secure options. You\u2019ve even ensured that all users know these options exist. <\/p>\n

How do you move users away from the Shadow IT solutions they\u2019re currently using? <\/p>\n

As mentioned above, it starts with education. The next step: Remove the barriers. Make it easy for users to switch from their Shadow IT solution to an IT-authorized solution.<\/p>\n

How can you do this? Offer a grace period. As explained below, giving employees the chance to come clean without any repercussions is a great way to alleviate fear.<\/p>\n

\n\u201cEmployees often don\u2019t even realize how their actions can impact security,\u201d says Marcia Walker, Principal Consultant at SAS Institute<\/span><\/a>. \u201cAn exercise like this can help educate them. Also, consider instituting an amnesty period \u2013 a time for users to come forward and declare unauthorized technology without negative consequences. This strategy alleviates fear and encourages transparency, so problems can be addressed in keeping with the company\u2019s security strategy. What you don\u2019t know can hurt you.\u201d\n<\/p><\/blockquote>\n

7. Set up monitoring<\/h3>\n
\"photo
photo credit: geralt<\/a> via pixabay<\/a> cc<\/a><\/figcaption><\/figure>\n

Now, in a perfect world, the steps outlined above will do the trick. Once employees understand the risks and have access to viable alternatives, Shadow IT should disappear…right?<\/p>\n

Unfortunately, we don\u2019t live in a perfect world. You\u2019ll likely have a few employees who will break the rules, and still practice Shadow IT.<\/p>\n

What can you do? Set up systems to monitor network traffic and cloud usage. As explained below, new tools are emerging that make this process simpler.<\/p>\n

\n\u201cWhile cloud app adoption is swift, adoption of security solutions for cloud apps, known as Cloud Access Security Brokers (CASBs), has trailed behind,\u201d says David Waugh, VP of Sales & Marketing, ManagedMethods<\/span><\/a>. \u201cOnly 20% of enterprises currently use a CASB, but Gartner expects the figure to jump to 85% by 2020. A business\u2019 IT department should have visibility into all cloud programs, apps, files, data and users. This visibility lets IT pros check that their team is using and sharing data on cloud apps securely and take action on unauthorized activity. <\/p>\n

Gartner expects that by the end of this year, 35% of enterprise IT expenditure will go towards addressing Shadow IT\/Shadow Data. Once you have visibility into Shadow IT\/Shadow Data, you can make better technology decisions.\u201d\n<\/p><\/blockquote>\n

Summary<\/h3>\n

Now, these are just 7 steps to help prevent Shadow IT, but the list could be longer. Would you add anything to this list? If so, feel free to share in the comments.<\/p>\n","protected":false},"excerpt":{"rendered":"

Summary: A rapidly growing trend, “Shadow IT” is the use of unapproved IT systems and solutions within organizations. End users are increasingly bypassing IT in favor of third party solutions and services. However, stopping Shadow IT isn’t as easy as flipping a switch. In this article, we explore the steps you must take in order …<\/p>\n

7 steps to prevent Shadow IT<\/span> Read More »<\/a><\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"default","ast-global-header-display":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","slim_seo":{"title":"7 steps to prevent Shadow IT - mrc's Cup of Joe Blog","description":"Summary: A rapidly growing trend, \"Shadow IT\" is the use of unapproved IT systems and solutions within organizations. End users are increasingly bypassing IT in"},"footnotes":""},"categories":[8],"tags":[77],"class_list":["post-10770","post","type-post","status-publish","format-standard","hentry","category-education","tag-shadow-it"],"_links":{"self":[{"href":"https:\/\/www.mrc-productivity.com\/blog\/wp-json\/wp\/v2\/posts\/10770","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.mrc-productivity.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.mrc-productivity.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.mrc-productivity.com\/blog\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.mrc-productivity.com\/blog\/wp-json\/wp\/v2\/comments?post=10770"}],"version-history":[{"count":5,"href":"https:\/\/www.mrc-productivity.com\/blog\/wp-json\/wp\/v2\/posts\/10770\/revisions"}],"predecessor-version":[{"id":10777,"href":"https:\/\/www.mrc-productivity.com\/blog\/wp-json\/wp\/v2\/posts\/10770\/revisions\/10777"}],"wp:attachment":[{"href":"https:\/\/www.mrc-productivity.com\/blog\/wp-json\/wp\/v2\/media?parent=10770"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.mrc-productivity.com\/blog\/wp-json\/wp\/v2\/categories?post=10770"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.mrc-productivity.com\/blog\/wp-json\/wp\/v2\/tags?post=10770"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}