The rapid adjustment to remote workers has caused many issues in its wake, from software bloat to unsecure networks. 61% of cybersecurity professionals express concern about the IT security risks associated with that unplanned adjustment to a remote workforce.
One of the big adjustments for Houston businesses was the need to move to cloud solutions to keep work-from-home employees connected to the business applications and data they need to keep the office operations running.
This combination of the abrupt switch to a home environment, which often meant working from a home PC instead of a work computer, and the need to use the cloud to stay connected has led to an alarming rise in shadow IT.
What is Shadow IT?
Shadow IT describes applications and software that employees use on their own for work without the knowledge of a company’s IT team or IT provider. When this happens, it means that business data is being used in apps that may not be secure and may mean problems for company data compliance.
It usually happens innocently enough. An employee is newly working from home and realizes they need a place to easily share their work files with colleagues. So, they choose a cloud file storage app to use, not realizing that it could mean a risk to their company.
The use of shadow IT has gotten so bad that it’s estimated that between 20% to 40% of technology spending is done outside of the view of the company’s IT team.
What problems does it cause when employees start using cloud applications without them being approved?
- They may pose a security risk
- They may not have necessary data retention policies
- They may not integrate well with a company’s cloud app strategy
- It can result in data loss should the employee leave
- It puts company data in the “shadows” i.e. you can’t back up what you aren’t aware of
Ways to Address and Stop Use of Shadow IT
When approaching shadow IT use, you have to understand that most of it is not done on purpose. Employees may actually be trying to be more productive and don’t realize the dangers of using an application that hasn’t been reviewed and approved first by their company’s IT team or IT provider.
There are also some advantages to employees seeking out new productivity tools. They could be better than what you’re already using or might fill a gap that moving to a remote workforce has left in your cloud environment.
So, the best way to approach stopping shadow IT is to not be punitive, but to be educational and keep the door open to employee IT suggestions.
Here’s how to approach it.
Identify Shadow IT Use at Your Company
You first need to know what you’re dealing with when it comes to shadow IT. Is it just a few apps here and there or is shadow IT use rampant throughout your company?
There are two ways to identify shadow IT use:
- Survey Employees: Ask employees about all the applications they use (whether approved or not) and ask them to rate each one. It’s important that they not feel the need to hide anything for fear of getting in trouble. Explain you’re evaluating the best tools for everyone and that everything is integrated.
- Use a Cloud Access Security Broker (CASB): A CASB, like Microsoft Cloud App Security can identify use of shadow IT on your business network.
Evaluate Shadow It for Any “Good Apples”
When reviewing the IT employees have noted they are using, look for highly rated apps that might be good replacements for lower rated approved apps.
The CASB can help here as well because it can review cloud apps for security and compliance risk.
Adjust your overall cloud application strategy as needed to incorporate any particularly good shadow IT tools.
Put a Cloud App Use Policy into Place
A lot of shadow IT happens because a business does not have any formal policy on cloud app use. Employees don’t have any way to suggest apps they like, or even know that they have to.
Explain to employees the importance that all cloud apps used for your business data be pre-screened and approved before they can be used.
Give them a way to suggest cloud applications that they’d like to use, and make sure they’re communicated with during the review process and about the decision to use or not use the app. If you leave employees hanging about an app suggestion, they might just start using it because they didn’t hear anything back.
Get Help with a Secure & Optimized Cloud Strategy
Digital Crisis can help your Houston area business with smart cloud strategies that will ensure employees have the tools to stay productive and that your data is secure.
Contact us today to schedule a consultation. Call 713-965-7200 or reach us online.