Shining a light on Shadow IT

Published On: April 22, 2018 | Category: Cybersecurity Articles

‘Shadow IT’ refers to apps and services that are in use by members of an organization but not under the control of the IT team. An example might be a team setting up its own Dropbox or Google account to manage documents, or even using more advanced, typically online services to build websites or manage contacts and customers.

Typically, it emerges because the organization’s IT team is felt to be slow or unresponsive, or doesn’t support the app or service in question. It’s a common occurrence in the education sector because teachers are often independent-minded and have specific preferences for the tools and resources they use.

But there’s a problem, of course. Information stored or transacted on systems outside the organisation’s purview is a security and compliance risk. As these systems are not subject to your governance, compliance or security protocols, they’re highly vulnerable to improper use or even cyber-crime.

Here’s a startling statistic. According to Gigaom, “81 percent of line-of-business employees admitted to using unauthorised SaaS applications, with 38 percent deliberately using unsanctioned apps.” Why? Because of the IT-approval process.

Make your users your allies

The truth is you need users on your side. The proliferation of accessible and affordable web services, the prevalence of mobile devices and the desire to personalize systems and resources make it easy for Shadow IT to arise. Teachers are motivated to deliver better outcomes, and they’re often impatient to adopt technologies they think will help them in their jobs. Here are some tips for bringing IT out of the shadows and into the light:

  1. Determine whether your IT-approval process, or response time, is driving users to take IT matters into their own hands.
  2. Build the internal IT brand. You want to be positioned as a partner or helper, not a roadblock to be worked around. If you don’t know how IT is viewed in your organization, find out. Then work to build a better brand.
  3. Build relationships. When was the last time you talked to a teacher about something other than an IT rule or policy? Take steps to reach out to educators within your institution professionally and personally.
  4. Get the situation out in the open. Explain to your users the risks of Shadow IT and demonstrate your willingness to listen to their needs and provide the tools they need. A “no-questions-asked” poll or assessment to find out what tools and apps are being used can help you understand the situation and investigate whether to adopt them officially.
  5. Make the communication ongoing – you want to be involved in a constant dialogue, as new tools (and temptations) are always arising.
  6. Explain why your rules and systems are in place. Frame this in terms of user benefits, not IT necessities, i.e. why and how the rules help and protect users and the organisation, especially when it comes to sensitive data.
  7. Finally, listen and learn, and build relationships. There can be a tendency for IT leaders, and others, to tell, or demand, rather than explain or understand when it comes to rules and policies. Taking a more collaborative approach can yield benefits for all.

