Ask any IT professional about the greatest threats to IT security, and chances are that shadow IT will rate high on the list. Used to refer to IT systems, software, applications, and solutions designed, installed, and used without explicit IT approval or involvement, shadow IT usually develops quite innocently, despite its nefarious-sounding name. For example, imagine you work in the accounting department, and you want an easier method for keeping track of the petty cash. So you find a free app that allows you to do so — or one of your co-workers develops an app that makes the task simple. You install it and begin using it, usually in far less time than it would take to get IT approval to purchase something else. Sounds great, but when employees are installing and using programs or altering IT infrastructure without approval — and sharing potentially sensitive information — there could be serious security risks.
IT departments spend a great deal of time trying to ferret out and shut down shadow IT. However, what many fail to realize is that IT is often at least partially responsible for the rise of shadow IT, and that changes to how they function can actually stop the problem and improve relationships throughout the organization.
IT Takes Too Long
In many organizations, IT is a bottleneck. A department makes a request for an app or a solution to a problem, and it takes weeks or even months to develop. As a result, a desperate department looks for its own solutions, cutting IT out of the loop.
To prevent this from occurring, IT departments need to look at their own processes and procedures, and determine where holdups occur and find ways to streamline them. This might even include saying no to some requests and helping departments find existing solutions instead.
IT Is Stuck on No
In the past, when IT controlled the technology and the average worker wasn’t especially tech savvy, it was easier for IT department to say no to requests — often claiming that solutions were too complex or expensive to justify implementing for the average user. As a result, many IT departments have a “culture of no,” denying requests as a matter of course instead of helping other departments find solutions. The problem is that the average person is more tech savvy now than ever before, and if IT says no, they will simply find another way.
IT departments spend a great deal of time trying to ferret out and shut down shadow IT. However, what many fail to realize is that IT is often at least partially responsible for the rise of shadow IT, and that changes to how they function can actually stop the problem and improve relationships throughout the organization.
IT Takes Too Long
In many organizations, IT is a bottleneck. A department makes a request for an app or a solution to a problem, and it takes weeks or even months to develop. As a result, a desperate department looks for its own solutions, cutting IT out of the loop.
To prevent this from occurring, IT departments need to look at their own processes and procedures, and determine where holdups occur and find ways to streamline them. This might even include saying no to some requests and helping departments find existing solutions instead.
IT Is Stuck on No
In the past, when IT controlled the technology and the average worker wasn’t especially tech savvy, it was easier for IT department to say no to requests — often claiming that solutions were too complex or expensive to justify implementing for the average user. As a result, many IT departments have a “culture of no,” denying requests as a matter of course instead of helping other departments find solutions. The problem is that the average person is more tech savvy now than ever before, and if IT says no, they will simply find another way.
IT Is Disorganized
Most employees aren’t looking for ways to cost their employers money or cause security breaches. However, when they need something, they expect that IT will know what is immediately available already and be able to grant access. In many companies, though, IT does not have an accurate accounting of what software is installed where, or which licenses are in effect. As a result, employees may decide to find their own solutions rather than run the gauntlet of red tape and acquisitions requests. With a comprehensive entitlement management solution, though, IT can more effectively stay on top of the software and applications in use throughout the organization, making it easy to determine what’s available and what isn’t.
IT Doesn’t Provide Enough Education
In many cases, employees do not even realize that they are doing anything dangerous when they engage in shadow IT. They are simply trying to do their jobs. It’s important for IT to explain why using unsecured cloud services to transmit files is dangerous or why certain software creates compliance issues. When employees understand the dangers and the reasons for prohibitions and policies, they are more likely to work with you instead of finding ways around your policies.
All of this isn’t to say that IT is the “bad guys” in any organization, or that employees will never resort to shadow IT if you give them everything they ask for. However, by taking a closer look at how the department operates, you may identify issues and policies that are actually causing shadow IT, and be better prepared to stop the problem.
Most employees aren’t looking for ways to cost their employers money or cause security breaches. However, when they need something, they expect that IT will know what is immediately available already and be able to grant access. In many companies, though, IT does not have an accurate accounting of what software is installed where, or which licenses are in effect. As a result, employees may decide to find their own solutions rather than run the gauntlet of red tape and acquisitions requests. With a comprehensive entitlement management solution, though, IT can more effectively stay on top of the software and applications in use throughout the organization, making it easy to determine what’s available and what isn’t.
IT Doesn’t Provide Enough Education
In many cases, employees do not even realize that they are doing anything dangerous when they engage in shadow IT. They are simply trying to do their jobs. It’s important for IT to explain why using unsecured cloud services to transmit files is dangerous or why certain software creates compliance issues. When employees understand the dangers and the reasons for prohibitions and policies, they are more likely to work with you instead of finding ways around your policies.
All of this isn’t to say that IT is the “bad guys” in any organization, or that employees will never resort to shadow IT if you give them everything they ask for. However, by taking a closer look at how the department operates, you may identify issues and policies that are actually causing shadow IT, and be better prepared to stop the problem.