The term shadow IT refers to the phenomenon of business units and employees buying and using IT software and hardware without consulting or informing an organization’s central IT department. It can have both pros and cons, but one thing is certain: it makes it hard to manage your overall technology portfolio. In this blog post, we’ll discuss why shadow IT can happen, how to identify its presence in your organization, and what you can do to eliminate it.
What is Shadow IT?
While many organizations view technology as a way to boost productivity, some employees see it as an opportunity to decide for themselves how their IT needs will be met—and sometimes that means using services or resources that have not been authorized by the company’s IT department. This type of activity is referred to as “shadow IT.” It’s usually done without permission from management, with no oversight and little accountability. Shadow IT can be good news if it means your team members are being productive in ways you hadn’t considered before, but it’s bad news if they’re using unauthorized tools or systems that expose sensitive company data or otherwise put your business at risk.
It’s not just employees who participate in shadow IT. There are plenty of authorized tools and resources available today that were not put in place by your organization’s IT department. This can happen for many reasons, but most often it is a result of groups within an organization deciding they don’t need central oversight to use these tools effectively—and they’re right, at least to some extent.
Using software or hardware that is not officially sanctioned by your company is something of a grey area. For example, if you get an email from your employee asking for access to Slack, it can be hard to say no without explaining why—is it because they’re working on confidential data? Are they using your bandwidth on their own time? Is there another potential issue at play here? When in doubt, seek guidance from your organization’s IT department.
Strategies for Eliminating Shadow IT
It might seem like a simple task: a few keywords in a help desk software, one or two clicks on a Web interface. But for each individual action that makes up shadow IT, there’s typically an opposite and equal reaction. An employee manually creating new accounts or not abiding by corporate data policies can lead to more complex problems such as information being held outside of your security systems. If you want to eliminate shadow IT, you must look at it holistically—not just single events but how they fit into an organizational culture that values self-sufficiency above all else.
If you’re struggling with shadow IT, one thing you can do is examine your company’s policies. Are they leading to an adverse effect? If so, consider revising them. While every situation is different, a few common policies that are ripe for abuse include the Bring Your Own Device (BYOD) policy, the Acceptable Use Policy, and the Data Security Policy.
Findings from a worldwide survey of information workers found that about 20% admitted using personal devices for work purposes, with even higher figures (about 30%) in countries like China, India, and Brazil. And when asked about their corporate culture regarding devices at work, 85% believed it was OK for them to use their own smartphone or tablet device at work. Thus, many employers are battling against both their users’ expectations as well as an organizational cultural shift toward self-sufficiency.
As an enterprise, you can’t force your users to follow your policies if they don’t buy into them. Instead, look for ways you can incorporate aspects of self-sufficiency that help users do their jobs better. For example, rather than barring employees from using their own smartphones at work, give them a secure connection option that automatically configures security settings on corporate devices.
You can’t eliminate shadow IT entirely, but you can put systems in place that will help keep it in check. Look for ways you can use technology to support your users, even if it’s outside of traditional corporate processes. If they feel supported by their organization, employees are more likely to buy into policies as well.
Strategies for Managing Tech Responsibility
Unfortunately, there is no one-size-fits-all approach for making sure that shadow IT doesn’t wreak havoc on your organization. No matter how you choose to deal with it, however, a few factors should always be at play: Determine what existing infrastructure will work best for your situation (are you looking for simplicity or versatility?); seek advice from people who are already familiar with that system; look into cloud options if necessary; make sure everyone agrees on an approach before implementation.
After you’ve chosen your strategy, be sure that everyone understands their part in implementing it. This will help ensure success. Communicate your vision; get buy-in from all stakeholders; give people time to learn new systems; encourage input on decisions; set a timetable for everyone involved. Remember that it may take some time for people to adjust. Be patient, and make sure that everyone understands why changes are happening.
By using these strategies, you’ll ensure that your enterprise is as streamlined as possible. From there, it’s just a matter of adding new projects on top of existing ones. There will always be something new popping up, so do your best to stay organized!
If you need assistance creating and disseminating IT policies that will limit or remove shadow IT in your organization, we can help! Axeleos has extensive expertise in writing IT-related policies that work for employees and the business. Contact us today and let’s talk about how to shore up your IT policies.