Shadow IT At Your Business? What You Should (and Shouldn’t) Do About It

JULY 2012:  There’s a growing trend called Shadow IT — it sounds ominous, and it can be for some companies. Gartner, the top IT research and advisory firm, warns about companies neglecting to change with the times, and some IT security experts are deeply concerned about slippery slopes and points of no return.

Should your company be concerned? Hop on this IT advice, and check out the three steps you can take right now:

1) What is Shadow IT and why does it happen? Shadow IT is when your employees use their own devices and software for business purposes instead of using technology that’s approved and supported by your company. Employees use these work-arounds because they can be easier, are readily available and often meet immediate needs. Dropbox and personal email can look pretty good in a pinch, despite the lack of security. This is especially true if IT departments take a long time to respond to employee requests.

2) How prevalent is Shadow IT? Very. In fact, it’s inescapable. With the growth of mobile and the cloud, the genie is out of the bottle. Shadow IT is here to stay.

3) What are the risks associated with Shadow IT? Of course, any time you don’t control your company’s information — or where it is or who has access to it — your company is at risk. But with Shadow IT, the underlying belief is that external, unapproved IT sources are better able to handle employees’ needs than internal, approved IT sources. Which may often, in fact, be the case. Business owners need to come to terms with the changes brought about by sophisticated consumer technology, a mobile work force, their own aging equipment, appealing software-as-a-service options and other realities of 21st-century IT.

4) What can my company do about Shadow IT? First off, don’t try to eliminate it — that’s impossible and it will only drive it further underground. Instead, take these three steps:

STEP 1: Survey your employees to see how IT can better serve them. You’ll find out about their frustrations and how much of your company’s Shadow IT revolves around consuming information versus creating or sending information.

STEP 2: Develop a Bring Your Own Device (BYOD) strategy that your employees like and that secures your data.

STEP 3: Craft robust yet reasonable policies. Your acceptable use policy and human resources policies should be clear, current and concise. Documents that are 50 pages long, outdated or filled with legalese represent the same unsuccessful approach as the cumbersome IT processes that employees want to circumvent!