Shadow IT: If You Can't Beat 'Em…
January 5, 2015
3 minute read
If you’re an IT administrator, take a moment to think like Linda from Legal. Sure, Linda uses your mandated tools. If you’re in a traditional IT environment that could mean Outlook, Word, and a shared network drive.
But like every other computer user on the planet, Linda uses a few tools you don’t have control over. Maybe she uses:
- LastPass to manage the many logins your company requires.
- Google Drive, Docs, and Sheets to make it easier to work from home.
- Evernote to take down meeting notes.
That’s right. Linda’s transmitting critical passwords, sensitive internal documents, and long-term plans to third parties over which you have no control. This “shadow IT” is your new reality, and it’s time to adapt.
According to a recent survey of more than a thousand IT admins, 58 percent of end users spend their own money on work-related applications.
Of course, Linda’s probably not trying to hurt the company – she’s trying to do her job better. Another survey found that increased efficiency is the main reason employees turn to shadow IT, and that IT employees are even more likely to use unapproved SaaS applications.
You could try to squash shadow IT. You could also try to put out a brushfire by tap dancing on it. End users will want to use the tools they believe will help them do their jobs better, no matter how you scold them. So how do you maintain security?
Embracing Change
Many IT admins think shadow IT is too unpredictable or insecure to work. But if you take time to talk to your users and learn more about the solutions they’ve discovered, you might be surprised.
Say Linda the lawyer buys a DocuSign license, which enables her to get contracts signed digitally and instantly. She no longer has to hire couriers or wrestle with the fax machine. She saves the company money, the time of the high-level executives who sign those documents, and a small slice of her sanity.
Are those benefits worth the risk that DocuSign gets hacked and your precious information stolen? It depends on the size of that risk. DocuSign, for example, encrypts its documents and maintains a complete audit trail–by many measures, it’s much more secure than giving a paper copy to a courier.
A Shepherd, Not a Sheepdog
To handle shadow IT right, you have to be a shepherd, not a sheepdog. Your charges are going to stray in the directions that help them do their jobs. Instead of barking them into line, guide them on the paths they’ve chosen to take. They’ve chosen these outside tools for a reason–find out why.
After all, Linda’s pretty savvy. Say you refuse to support a tool that makes her life easier. She’ll find a way to use it anyway, in a way that would turn your hair gray. Instead, you could research it yourself and teach the legal team to use it securely.
If you listen to your employees, you can use shadow IT to find tools that make your company more efficient. Your users will think you’re a hero for giving them the tools they want, and so will your boss.
Thousands of cloud applications exist. You aren’t going to be able to recommend applications to fit every user’s needs. And you can’t fully lock down your environment unless you work somewhere that requires retinal scans. So you need to educate your users so you can trust them to make their own decisions. Then, using third-party applications like BetterCloud’s Apps Explorer feature, you can find out when your charges are using apps that don’t fit the criteria you’ve set.
Then you can do some research, find out whether the app works for your organization, and teach your people what they need to know to use it safely. When they start working more happily and efficiently, you can take the credit.