Addressing the issue of shadow IT

Published On: August 9, 2017By Categories: Cybersecurity Articles0 Comments on Addressing the issue of shadow IT498 words2.5 min read

Shadow IT, or the use of technology and applications outside the purview—or even knowledge—of IT staff is a big problem in many sectors, but particularly in education. Why? Because teachers operate fairly independently and often feel empowered to bring in their own devices—even storage devices. Consider this: do you have any idea how many of your teachers are storing school-related data in the cloud through cloud services that aren’t authorized by your school?

If teachers, and others, aren’t keeping their data on your servers, you’re at risk for the loss of intellectual property, data security and privacy breaches, and more.

Here’s a startling statistic. According to Gigaom, “81 percent of line-of-business employees admitted to using unauthorized SaaS applications, with 38 percent deliberately using unsanctioned apps.” Why? Because of the IT-approval process.

Face it. IT can be, and often is, viewed more as a burden or barrier than a resource or aid. There may be very good reasons for IT rules and an inability to respond to user demands as quickly as they would like. But the simple truth is that you need users on your side.

A proliferation of personal devices, the widespread availability of free apps to download, and offers of free cloud storage or tools all represent risks to the integrity of your IT system. Here are some best practice tips to help you get your arms around the issue:

  1. Determine whether your IT-approval process, or response time, is driving users to take IT matters into their own hands.
  2. Build the internal IT brand. IT can often be viewed as a roadblock. If that’s true in your organization, users are likely to take whatever steps they can to work around the rules. How is your IT function viewed? If you don’t know, find out. Then work to build a better brand.
  3. Build relationships. When was the last time you talked to a teacher about something other than an IT rule or policy? Take steps to reach out to educators within your institution professionally and personally.
  4. Get the situation out in the open. What your users don’t know could hurt them. But you need to communicate risks in a way that doesn’t seem heavy-handed or scolding. Conducting a “no-questions-asked” poll or assessment to find out what tools and apps are being used can help you understand the situation on your campus. A potential side bonus: you may learn of commonly used tools that could be adopted by your school.
  5. Keep the communication ongoing. Once is not enough.
  6. Explain the why behind the rules in a way that clearly conveys language that represents a benefit to the end user: what’s in it for them?
  7. Finally, listen to learn—and to build relationships. There can be a tendency for IT leaders, and others, to tell, or demand, rather than explain or understand when it comes to rules and policies. Taking a more collaborative approach can yield benefits for all.

Article Contents

Concerned About Your Cybersecurity?

Schedule your no-obligation cybersecurity consultation with Hammer IT Consulting. Fill out the form below to start your experience.

Hammer IT Consulting will never sell or share your information with any third party.