Cloud computing has transformed the way IT services are consumed at the workplace. The tedious, time consuming and resource intensive process of deploying infrastructure, installing solutions, integrating systems and learning how to use the solutions is now replaced with the cloud services delivery model. Organizations can simply contact cloud vendors, subscribe to their services and access the solutions on a whim. While both the traditional IT and cloud services delivery models require formal approval from IT departments, users can circumvent this rule to access cloud services at the workplace for several reasons: broken approval and governance processes, lack of required solutions available in time or non-approval of desired solutions.
As a result, employees are inclined to access the solutions of their preference without bothering with formal IT approval, a process known as Shadow IT. This practice has obvious disadvantages: non-vetted apps and services can pose security, privacy and compliance risks in addition to unnecessary rise in the operational cost of IT services at the workplace. IT can attempt to face it head on and stop it, but it’s an uphill battle. The ease and convenience with which cloud solutions are available and delivered to end-users makes it virtually impossible to prevent employees from consuming non-approved solutions. In some cases, detecting Shadow IT apps is just as impossible.
With a damage limitation approach, technology-driven organizations must adopt a strategic approach to manage Shadow IT:
1. Acknowledge the presence of Shadow IT. You might not know it, and your employees won’t tell you, but they’re probably already practicing Shadow IT. Be aware. Quantify the Shadow IT in your organization instead of taking an educated guess.
2. Treat Shadow IT as a symptom and not a problem. As a result, treat issues that may result due to Shadow IT malpractices.
3. Educate employees. The risks associated with Shadow IT are too huge to ignore. At the same time, use of apps that are not yet approved may present a huge business benefit. Let your IT, employees and the wider organization learn to balance Shadow IT for low risk situations.
4. Create an apps library as an open channel for pre-vetted solutions catering to the needs of a diverse workforce.
5. Improve collaboration and communication of developers and engineers with IT departments to set tooling expectations and requirements upfront for every project.
6. Empower self-service provisioning capabilities. Use orchestration and automation technologies.
Lastly, and most importantly, be flexible and give users a choice, so they’re not forced to adopt Shadow IT practices as their only hope to get the job done efficiently and effectively.
For more info on how your organizations can fully leverage cloud services while addressing your compliance and security requirements, download the white paper, Protecting Your Data in the Cloud.