{"id":11845,"date":"2019-07-02T11:00:22","date_gmt":"2019-07-02T16:00:22","guid":{"rendered":"https:\/\/www.mrc-productivity.com\/blog\/?p=11845"},"modified":"2023-05-01T16:37:21","modified_gmt":"2023-05-01T21:37:21","slug":"how-to-deal-with-shadow-it-2","status":"publish","type":"post","link":"https:\/\/www.mrc-productivity.com\/blog\/2019\/07\/how-to-deal-with-shadow-it-2\/","title":{"rendered":"How to deal with \u201cShadow IT\u201d"},"content":{"rendered":"

\"Education\"Summary: Shadow IT–a term used to describe unapproved IT systems and solutions used inside organizations–is growing rapidly. Why is it such a problem? When left unchecked, “Shadow IT” can hurt your business in 3 important ways. In this article, you’ll learn how it can harm your company, along with five steps to address the issue.<\/em>
\n<\/span>
\n<\/a><\/p>\n

\"photo
photo credit: PublicDomainPictures<\/a> via pixabay<\/a> cc<\/a><\/figcaption><\/figure>\n

It\u2019s a growing problem. \u201cShadow IT\u201d runs rampant in companies across the globe–often without the IT department\u2019s knowledge.<\/p>\n

What is \u201cShadow IT?\u201d It\u2019s a term used to describe unapproved IT systems and solutions used inside organizations.<\/p>\n

Why is it a problem? It takes company data outside of the IT department\u2019s control<\/strong>. If employees (or entire departments) purchase and use third-party solutions, IT has no way of managing and securing that data. This often puts sensitive data at risk.<\/p>\n

For instance, the IT department may avoid a specific cloud solution because it\u2019s not secure. But, what happens when an employee starts using this cloud solution without IT\u2019s knowledge? They place company data at risk.<\/p>\n

Another problem: \u201cShadow IT\u201d wastes money.<\/strong> When employees license software without communicating with the rest of the business, there\u2019s bound to be overlap. Different departments might purchase the same software, or license software that the company has already licensed.<\/p>\n

Yet another problem with \u201cShadow IT\u201d: It harms data visibility<\/strong>. IT departments already struggle to integrate multiple business systems and provide users with a clear view of their data. Now, imagine what happens when every department uses a different piece of software–unbeknownst to the IT department. Data visibility is nearly impossible.<\/p>\n

So, we know why \u201cShadow IT\u201d is a problem. But, what can you do about it? How can you deal with \u201cShadow IT\u201d in your organization? Here are 5 steps you can take to address this issue:<\/p>\n

1. Understand the extent of the issue<\/h3>\n

The first step to fixing any issue: Acknowledge you have a problem. The problem is, understanding your Shadow IT problem isn\u2019t easy because it\u2019s performed in secret.<\/p>\n

How widespread is it? Unsurprisingly, it\u2019s hard to quantify. Shadow IT statistics are all over the board. I\u2019ve seen surveys placing Shadow IT usage anywhere from 30-61%.<\/p>\n

The fact is, Shadow IT exists in most companies whether IT knows it or not. How can you know how widespread the problem is? It\u2019s a two-step process:<\/p>\n

First, start with a survey of your employees.<\/strong> Ask them what software they\u2019ve been using, but reassure them that they are not in trouble. Rather, explain that it\u2019s important for saving money and securing the network. You\u2019ll be surprised at how much information your users will offer when asked.<\/p>\n

Second, take a look at your network traffic.<\/strong> As explained below, this will help you understand what services are being used and how often they\u2019re accessed.<\/p>\n

\u201cThe first step is learning what is being used by which users,\u201d says Richard Swaisgood, Senior Solutions Architect at Managed Solution<\/span><\/a>. \u201cThis can be accomplished by utilizing your perimeter infrastructure (firewalls etc) to keep track of what your users are connecting to and how much they are using them. I highly recommend upgrading your existing perimeter infrastructure to Web-enabled to get even more data on what is being used, products like Cisco IronPort WSA or Forcepoint Web Security. For the users that are not protected by your perimeter infrastructure, you can utilize per machine agents to collect these logs and get additional data.\u201d<\/p><\/blockquote>\n

2. Understand why it\u2019s happening<\/h3>\n

Many businesses make it through the first step (acknowledging the problem) just fine, but fail at this step. Once they understand that users are bypassing the IT department, it\u2019s treated as an \u201cUs vs. Them\u201d problem. The users are putting data at risk and must be stopped!<\/p>\n

While a legitimate concern, this approach won\u2019t solve your problem.<\/p>\n

If you want to manage Shadow IT, you must first understand why users feel the need to bypass IT in the first place. Is IT moving too slow? Do they not have access to the right applications or data? This is an essential step, and as explained below, one that should be addressed with care.<\/p>\n

\u201cThe specific reasons that employees and business organizations turn to or create their own shadow IT groups or technologies are many,\u201d says Alan Zucker, Founding Principal of Project Management Essentials LLC<\/span><\/a>. \u201cBut, the core is always the same: the formal IT organization is not meeting their needs. This usually comes down to IT not being quick enough or flexible enough.\u201d<\/p>\n

\u201cOften IT organizations consider shadow operations as an affront. Their immediate reaction is \u201chow do I shut that down.\u201d Instead they should approach this as a customer service learning opportunity. Rather than coming in with the heavy hand, ask why? Why is the non-technology or business organization creating its shadow IT group? What are they not receiving from IT? How can IT better deliver on these needs?\u201d<\/p><\/blockquote>\n

3. Set up proper education and communication<\/h3>\n

Chances are, employees aren\u2019t behaving maliciously when they go behind the IT department\u2019s back and obtain third-party solutions. They\u2019re simply trying to solve a problem. Or, they might not realize that their actions can compromise company data.<\/p>\n

In most cases, users are just trying to do their job. They view Shadow IT as the fastest route. But, they don\u2019t consider the security risks because they don\u2019t realize the risks exist. Or, they don\u2019t realize they\u2019re breaking company policies because they don\u2019t realize those policies exist.<\/p>\n

This is one of the most common reasons why employees adopt Shadow IT in the first place. As explained below, setting up clear policies and educating your users about potential risks is a major step towards prevention.<\/p>\n

\u201cThe key to preventing the inevitable battle between employees and IT\/executives is proper education and communication,\u201d says Justin Shelley, CEO of Master Computing<\/span><\/a>. \u201cIt starts with an adequate and up to date AUP (Acceptable Use Policy). All employees should read, understand, and agree to this policy before they are ever given access to company-owned technology.\u201d<\/p>\n

\u201cIt continues with regularly updating the AUP as technology evolves. With each update comes proper education and communication with all staff members affected by the policy. It is all too common, when I ask to see a client\u2019s or prospect\u2019s AUP, to have them dust off a document that was written nearly a decade ago. Bad form! (See what I did there?)\u201d<\/p><\/blockquote>\n

4. Change from \u201ctechnology gatekeeper\u201d to \u201ctechnology partner\u201d<\/h3>\n

In the past, the IT department performed the duties of a technology \u201cgatekeeper.\u201d They controlled technology because it was scarce, and hard for business users to obtain and use.<\/p>\n

Unfortunately, this created what many describe as a \u201cculture of no\u201d among IT departments. These IT departments were more likely to deny user requests than attempt to help solve their problems.<\/p>\n

Those days are gone. IT departments aren\u2019t the only ones with access to technology, but many still behave as though they are. In today\u2019s world of easily accessible technology, IT departments must change their approach. Rather than trying to keep all outside technology out of the business, focus on helping employees address their needs in a secure manner.<\/p>\n

\u201cOne of the most common ways to tackle shadow IT is by having clear and stringent policies. But is this really sufficient? Not really,\u201d explains Natasha Orme, Editor of Insights for Professionals<\/span><\/a>. \u201cAnd tackling this issue doesn\u2019t need to be complicated. IT leaders need to stop imposing top-down demands on other departments, and should instead look for a more collaborative approach to IT procurement, where they work closely with other departments to determine what their specific needs are and find the perfect solution. This approach is important as it still allows employees to identify the most appropriate tools that work best for them, while leaning towards IT professionals for issues surrounding contract negotiations and determining whether the solution can be integrated within IT\u2019s current infrastructure.\u201d<\/p><\/blockquote>\n

5. Give users secure, self-service options<\/h3>\n
\"photo
photo credit: OpenClips<\/a> via pixabay<\/a> cc<\/a><\/figcaption><\/figure>\n

On the other side of the coin, many will argue that the IT department has no choice but to act as the \u201ctechnology gatekeeper.\u201d Giving users too much freedom and control only sets the company up for a data breach.<\/p>\n

Besides, most IT departments are already overworked. How can they manage their day-to-day activities, while monitoring software usage on a per-user (or per-department) level?<\/p>\n

The answer lies in data control. The central strategy of the CIO or IT leader should be to ensure data is available where required, but access is secure and traceable.<\/p>\n

The big question: How can IT departments control the data, while giving their users access to the tools and software they need? I\u2019ve seen this problem addressed in a couple of ways:<\/p>\n

The \u201capproved software\u201d list<\/strong>
\nThis method involves giving users access to tools approved by the IT department. Of course, this is only possible through clear communication between the IT department and the users. The IT department must understand the business user\u2019s needs, and provide access to the necessary tools.<\/p>\n

Self-service tools<\/strong>
\nWith this approach, the IT department locks down the data and gives users access to self-service development tools. The users can build the necessary applications over that data, without placing the data at risk. In this way, IT still maintains control over the business data, while giving business units the ability to meet their own needs.<\/p>\n

Summary<\/h3>\n

These are just a few ways to deal with Shadow IT, but there are plenty more. If you would like to add anything to this list, I\u2019d love to hear it. Feel free to share in the comments.<\/p>\n

\r\n\r\n

If you enjoyed this article, sign up for email updates<\/h3>\r\n

Sign up below, and we'll notify you of new blog articles via email. We value your privacy and will never share or sell your information. To learn more about how we handle data, please review our privacy policy<\/a>.\r\n\r\n\r\n<\/div>\n","protected":false},"excerpt":{"rendered":"

Summary: Shadow IT–a term used to describe unapproved IT systems and solutions used inside organizations–is growing rapidly. Why is it such a problem? When left unchecked, “Shadow IT” can hurt your business in 3 important ways. In this article, you’ll learn how it can harm your company, along with five steps to address the issue.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"default","ast-global-header-display":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","slim_seo":{"title":"How to deal with \u201cShadow IT\u201d - mrc's Cup of Joe Blog","description":"Summary: Shadow IT--a term used to describe unapproved IT systems and solutions used inside organizations--is growing rapidly. Why is it such a problem? When le"},"footnotes":""},"categories":[8],"tags":[77],"class_list":["post-11845","post","type-post","status-publish","format-standard","hentry","category-education","tag-shadow-it"],"_links":{"self":[{"href":"https:\/\/www.mrc-productivity.com\/blog\/wp-json\/wp\/v2\/posts\/11845","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.mrc-productivity.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.mrc-productivity.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.mrc-productivity.com\/blog\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.mrc-productivity.com\/blog\/wp-json\/wp\/v2\/comments?post=11845"}],"version-history":[{"count":9,"href":"https:\/\/www.mrc-productivity.com\/blog\/wp-json\/wp\/v2\/posts\/11845\/revisions"}],"predecessor-version":[{"id":14848,"href":"https:\/\/www.mrc-productivity.com\/blog\/wp-json\/wp\/v2\/posts\/11845\/revisions\/14848"}],"wp:attachment":[{"href":"https:\/\/www.mrc-productivity.com\/blog\/wp-json\/wp\/v2\/media?parent=11845"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.mrc-productivity.com\/blog\/wp-json\/wp\/v2\/categories?post=11845"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.mrc-productivity.com\/blog\/wp-json\/wp\/v2\/tags?post=11845"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}