What is shadow IT?
Shadow IT sounds scary, but is actually more common than you might think. Shadow IT is hardware or software that’s being used by staff within an organisation, that hasn’t been approved, tested or sanctioned and without the IT team’s knowledge. Shadow IT comes in many forms, but it can be as simple as a user using a file sharing application like Dropbox, when the organisation uses and has sanctioned OneDrive, or downloading and using their personal Zoom account when the business uses Teams. While these applications themselves are widely used and trusted, if they are not the platform of choice for the organisation they count as shadow IT. At best, using shadow IT applications creates an inconsistent user experience and can hinder productivity, as teams and individuals use different applications when trying to work together. But other, less reputable unsanctioned applications can pose a security risk to your network. For all these reasons, the use of shadow IT in organisations needs to be carefully monitored and controlled.
At the end of 2020, Core commissioned a survey of more than 200 IT professionals to get their perspective on the changes that had happened to the way we work in 2020, including the use of shadow IT as employees worked from home.
Almost three out of four of the organisations we asked said employees are downloading unsanctioned video conferencing apps, and user experience seemed to be at the heart of the shadow IT problem for most organisations. The top reason for users downloading unsanctioned apps (40% of respondents), was being more familiar with an alternative, followed by people wanting to use the same tech for work as they do in their personal life (38%).
Our surveyed professionals were optimistic though, that implementing the right collaboration and communication platforms could help stop the use of shadow IT in their organisation. 75% of respondents agree that delivering solutions that empower uses is the best way to combat shadow IT while inspiring more effective compliance.
Download Core's research report - 2020 was a year of change: how ready was the market, and how ready were you?
So how else can you stop users from downloading unauthorised applications and make sure teams and individuals aren't tempted to stray from the sanctioned solutions you have in place? Here's a few tips on cleaning up your shadow IT landscape...
Assume you have a shadow IT problem
By its very nature, shadow IT slips under the radar of IT teams. These are the apps and solutions your users are using, without you being aware. So it's always sensible to assume there will be a certain degree of shadow IT in use in your organisation, even if on the surface it appears there isn't. From this starting point, you can then do some investigating to find out the extent of shadow IT use in your organisation, and the types of unsanctioned apps people are using.
Understand why shadow IT is being used
As our survey found, the main drivers of shadow IT are need, if, for example, the existing company tech does not provide the functionality users need, and familiarity, for example, using tools that the user knows and is comfortable using compared to sanctioned solutions. If this is recognised, organisations can then start to implement the kind of solutions that meet both the need and the ease of use aspect that users are looking for which mitigates the risk of people downloading unsanctioned apps and stop people wanting or needing to use unapproved applications.
Take immediate action
When shadow IT use comes to light, IT departments need to block the application immediately and take further action if needed, not only to protect the network but to ensure users don’t download or use unsanctioned apps again. This could be in the form of sharing policies around the use of shadow IT and unapproved software, or with remote training. In any case, the use of shadow IT should always be addressed as quickly as possible so that other users don’t follow suit, and so that the whole organisation is aware of the risks of using shadow IT. When users present a case for using an unsanctioned app, the benefits must outweigh the risks of using the application. If immediately revoking access to an unsanctioned app will cause the user to lose data or work, give sufficient prior warning that access to the platform is being removed, so that users can save the files and data they need before the application is removed.
Create and enforce policies
Not everyone will be aware of the risks to business of using unsanctioned applications. IT teams need to develop clear policies around the use of shadow IT, which need to be made available to staff at any time. Explaining why the use of shadow IT poses a risk to security and can hinder productivity in terms of creating an inconsistent user experience across the organisation can help employees better understand why its use is prohibited.
Monitor the network
To keep on top of the use of shadow IT, IT teams need to continually monitor the network so that the use of unsanctioned apps is flagged quickly. Sending reminders to employees about the risk of using shadow IT can help prevent its use, as can making sure teams have everything they need to do their jobs and rolling out new apps and updates quickly so that the most current versions are always available.
As a Microsoft gold partner, Core can help you deploy the Microsoft solutions that enable secure, effective collaboration and communication from any location.
Our Microsoft solution workshops cover every aspect of the modern workplace including productivity, collaboration, identity, security and compliance and communication, with interactive and engaging sessions that bring the art of the possible to life. Eligible customers can have their workshop funded by Microsoft.
See our range of workshops and book yours here: