A recent publication of Gartner shows that over 80% of employees admit using applications that are not approved by their employer. Shadow IT refers to IT devices, software and services used for business purposes but that are outside the ownership or control of the internal IT organisation. It is expected that in 2020 one third of all successful hacker attacks will go through Shadow IT systems. In other words, be aware of the adverse effects of online cloud applications.
IT-departments have the responsibility to provide safe and controllable IT solutions. In a way they called the growing usage of Shadow IT upon themselves. If IT is not capable of innovating quickly and adequately; departments and users will shop online. The SaaS revolution makes it possible to buy browser software. And often the available online applications are much better than the outdated internal solutions.
Examples of Shadow IT
Many pro-active sales directors bought the new CRM system SalesForce.com, after a long unfruitful procedure of trying to get it through the IT department. Other examples are sharing large files through services as Wetransfer or the usage as Dropbox/Box to replace the internal fileserver. Microsoft also plays a role in this situation as it took a while to offer a proper alternative to the fileserver. SalesForce.com, WeTransfer and Dropbox meet the user need but are not part of the IT policy. There is no licence management, or data protection, let a long compliance to applicable privacy legislation and/or the General Data Protection Regulation (GDPR)
that becomes enforceable next year.
Sensitive information via whatsapp
The extent to which professional organisations use Whatsapp surprises me. As if all the email communication in the mailboxes isn’t enough distraction. Further it is appaling to see the amount of sensitive information that is shared via group conversations in whatsapp! It lacks all forms of management or control; people that leave the company are not removed from groups, or messages are deleted without a backup system in place.
Goodbye control and manageability
Though Shadow IT offers benefits to its users, it’s a nightmare for IT. How can they control files they have no knowledge off? For all they know the competition can have access to sensitive data. Are the users aware who owns those Hotmail- and Gmail addresses that have access to tho Dropbox? Or worse, the situation where files are open to anyone who has the link. And imagine having a legal issue with a customer. Usually all documentation is frozen during procedures, whilst with shadow IT systems evidence can be edited ongoing. These type of issues cost organisations a lot of money.
3 solutions to temper Shadow IT
There are several ways to temper Shadow IT. Microsoft offers the tool MS Cloud Discovery
that analyses what SaaS applications employees use on the job. Once the IT department knows what applications are used they can introduce these (or an alternative that meets the same need) step-by-step via Azure AD. This way applications can be connected to internal accounts. Once employees leave the company, licences can be withdrawn and access to information in SaaS applications can be blocked.
And now companies can introduce Meetroo entrée
, that contains a store administered by the Cloud Service Provider (CSP) and the IT department of the client. Here employees can find services offered by the CSP, services and products of third parties and the standard Office 365, SharePoint and Office Apps. When employees find what they are looking for easily within the offered solutions, it will diminish the need to look on the internet and surpass the IT department.