Shadow IT has been featured in the headlines for years, often as a massive headache for enterprise IT. Line of business managers swiping credit cards to pay for services outside IT’s watchful eye created a scare in the industry, as did BYOD and the idea that employees would share corporate data through consumer file-sharing applications. At the same time, the use of consumer-grade collaboration and productivity applications in the SMB market has been seen as a benefit, as small companies that cannot afford expensive, enterprise software have gained access to cheap, effective tools.
But the sophistication of SMB IT has grown in recent years, and cybersecurity has become an issue that no organization can ignore. The time has come for SMBs to take shadow IT seriously and address the issue in a way that is inclusive to employees and meets the needs of the business. Here are seven tips from Paessler on how best to address shadow IT.
Addressing Shadow IT
Click through for tips that can help organizations and IT leaders rein in shadow IT, as identified by Paessler.
Put Shadow IT on Your Agenda
It’s difficult to add another item to your agenda when you’re drowning in everyday tasks, but it takes strategic planning to make an impact on shadow IT. While the term is certainly a popular buzzword in technology circles, many non-IT workers are probably unaware of it, and may even be unaware that they are participating in it. Put shadow IT on your agenda, and actively communicate it at all levels of the company.
Be Prepared to Engage
Line of business managers understand what it takes to accomplish their goals, and they employ the technology necessary to do so. But, they likely do not think about the impact that has on IT, whether it conforms to existing rules, or whether it creates a security risk. It’s important to create a dialogue with coworkers, understand why they are going outside of traditional IT, and keep management informed on the topic so there is transparency throughout the company.
Create a Set of Guidelines
It’s difficult to follow the rules when you don’t know what they are. Shadow IT often comes into the workplace through new employees, something that can be offset by having firm guidelines in place. These guidelines also serve as a check on employees who have a download-first, ask-permission-later mentality.
When an IT request is made, just saying ‘no’ doesn’t help. If the business side requires a tool to get the job done, and IT doesn’t make anything available, then they will circumvent IT. And it’s likely management would side with business goals over security. To keep everyone happy and safe, it’s best to always offer legitimate alternatives.
Create Internal Test Environments
Is shadow IT especially problematic in a specific department? There is usually a reason for it. The department might be especially driven to innovate. Give them the opportunity to do so by creating internal test environments that let them experiment with new technologies in a way that does not affect IT as a whole.
Accelerate the Decision-Making Processes
Willingness to work with employees and provide alternatives is the first step, but if IT does not move as fast as business needs, they will be left behind.
Stay in Constant Communication
IT should keep in regular contact with employees in all departments and management. Don’t wait until problems are springing up like weeds. Go to the departments regularly and ask them: What bothers you? What should be improved? Maintaining open dialogue and two-way communication helps to solve issues before they become major problems.