What is 'Shadow IT'?
We all know that using information technology — programs, apps, or internet browsing — carries a certain amount of risk. Nobody wants to have their secure data compromised, but technology brings enough benefits that the risk is worth it. So you vet certain systems, you establish protocols, you update and patch your software, and you keep track of the technology used at work.
But what about the technology your employees are using that isn’t part of your official plan? We’re talking about messaging apps, Excel macros, media downloading and file sharing apps, collaboration spaces, and even hardware like USB drives, smartphone storage, and personal laptops that you don’t control.
We call this “shadow IT,” and that’s a whole lot of potential holes to cover!
In the Beginning
It used to be that technology was implemented in corporations first and then adopted by consumers. Today, with the trend of IT Consumerization, vendors market directly to end users. These consumers are the on-trend first adopters of the newest technology, and they then want to bring it into the workplace. This has led to a lot of bad actors embedding malware into the newest, largest, cheapest and even completely fake apps that get released every day.
With the global marketplace, the need for remote access has some people using these applications without thinking of the security risks.
What to do about it
Well, your gut reflex might be to “crack down” on using unauthorized technology for work purposes. Swallow that reaction, though — you can’t stop it, and you’ll just harm morale and productivity. You’ll also drive usage even further underground; your people won’t be honest with you for fear of reprisal. That means that if a compromise occurs, you’ll be the last to know.
Instead, keep an eye on the situation. Make it clear that you support employees using the tools they need to get the job done, as long as they let you know what those tools are.
If your people start using other cloud storage apps, that’s fine — but have them explain how they’ll keep that data secure. Just as you empower them to find their own tools, empower them to reach out to your IT provider to keep things secure.
You probably can’t come up with a list of all the shadow IT that’s being used at your work, but you can keep an eye on the trends as they develop. Research the technology that’s being used and watch the headlines for data breaches or other compromises.
Adopt BYOD, AUP and 2FA policies
In some cases, you will have to crack down on specific apps, programs, or devices being used at your work; they’re just too risky. If you’ve worked with employees and fostered good communication, this shouldn’t be an issue.
Adopt a clear acceptable usage policy to let staff know the liability risks. Ensure that logins from a mobile device or laptop are protected by two-factor authentication and that the device has proper antivirus. Remember to avoid blaming employees when shadow IT becomes a problem — especially if they bring the issue to your attention themselves.
There’s nothing wrong with asking your people to stop using a specific program or device, as long as you’re transparent and have good reasons.
Last, but not least, try to look on the bright side. Shadow IT may be a little risky, but it also presents opportunities for employees to improve communication, drive productivity and try out new best practices. They’re also showing self-starter tendencies and trying to do their job better. And that’s something you should always support!