5 Ways to Get on Top of Shadow IT Before It Gets on Top of Your Enterprise
by Andrew Mullen on November 18, 2015
If you want to see the look of sheer terror mixed with utter frustration, just mention Dropbox or Evernote to a corporate IT professional. Embraced by entrepreneurs for their convenience, ease of use, functionality, and of course, the fact that those apps are free, these public cloud services introduce a quagmire of issues for the enterprise that begin with regulatory compliance and end with a large-scale data breach that makes headlines and headaches for IT and PR. So, how can IT get on top of shadow IT before it derails all their carefully laid plans?
1. Monitor the Devices and Traffic on the Network
Determine what authorized devices, users, and applications are in play on your network. Then identify the intruders.
The first step to stopping shadow IT is to identify what people are using it for, how they are using it, and how bad the problem is. You can tell if you've got lots of traffic heading to Google Docs or the iCloud. This informs you about a lot: not only who's up to shadow IT, but what applications they are using, which tells you what you need to provide a safer way to do. They won't quit using Dropbox until you give them a safer option for sharing and collaborating on files.
2. Identify and Address the Riskiest Applications
It probably isn't wise or effective to wage full-scale war on shadow IT. Diplomacy and tactical maneuvers are usually better first steps. For example, say your employees are using 22 apps that aren't IT approved, but only 5 of these carry serious security vulnerabilities. Address those risky apps first, and you won't come across as the tyrant who is just trying to make their lives more difficult. Over time you can educate them on the overall hazards of shadow IT and why it's important to stick with approved apps.
3. Establish Good Policies and Educate Users
Along these lines, when was the last time you reviewed your policies on approved software, devices, and applications? Do you have these policies? Are your users even aware of the policies? Perhaps they know, but don't fully understand why it's so important. Be sure your policies are sound, make sense, and are adequately communicated to your workers, along with the benefits to them (their devices are more secure, the network works faster, etc.) for complying with the policies.
5. Offer a One-Time Free Pass to End Shadow IT
Give users a certain amount of time to come forward and confess their shadow IT sins with no fear of repercussion. This lets you get rid of lots of scary apps while getting a better idea of what your workers need in terms of safe, IT-approved apps to get their jobs done.
An excellent icebreaker to your new policy on shadow IT is a short-term offer of amnesty. This serves several purposes. First, it establishes goodwill among your workers. You can prove you're not just out to get them. Second, it lets you know what they're up to. When workers come forward, it gives you a chance to see what they're using, how, and what they need to get their job done. Then you can develop or provide a better, safer alternative. Finally, it gives you a starting point for addressing shadow IT among the less cooperative workers. At least you will only be chasing down a fraction of rogue apps and users instead of a company full.
You can also end many of your shadow IT problems by consolidating your data and applications in a safe, secure cloud environment like Azure and using a cloud file sharing app like CloudFAST™ to give workers access to the approved apps you have to get the work done. You can see the success other enterprises have had with this infrastructure by reading our customer success stories.