Shining a light on shadow IT – and how to ensure you get it right

(c)iStock.com/jrwasserman

The nature of work is evolving; employees are mobile and cloud-enabled, free to work anywhere from almost any device. In response to this shift, the BYOD trend has emerged stronger than ever. Coupled with this is the growth of employees desiring more accessible applications. However, these factors have undoubtedly contributed to the emergence of shadow IT, which is creating a problem for many IT departments.

Applications such as Dropbox are increasingly being used by employees for business critical functions. Yet many of these apps are not enterprise ready, leaving IT departments caught between the twin demands of employee flexibility and enterprise security. For example, a recent report from the Ponemon Institute revealed that 44% of corporate data stored in cloud environments is not managed or controlled by the IT department. More than two-thirds of respondents said that protecting sensitive data in the cloud was more challenging when using conventional security practices. Clearly, enterprises that want to embrace cloud but stay secure need a new approach.

Secure bridges beat blanket blockages

It is unrealistic to adopt a comprehensive block on all unsanctioned application. IT departments must empower employees by granting access to their favourite cloud apps, while protecting the organisation from data loss and network threats. Rather than blocking apps en-masse, IT departments need the ability to review the activities that pose the greatest risk, such as sharing data outside the company, and block those apps specifically to mitigate their risk. To do this, IT departments need real-time visibility into how cloud application are being used, so they can enforce smart usage policies and promote safe cloud practices. With the emergence of the latest cloud management and analytics tools, this kind of clarity is very achievable.

Teaching and engaging

Once IT departments have sight of the applications in used throughout the organisation, the next step is to educate employees about why certain activities have been blocked. Offering alternative apps that have similar features but are lower-risk, means employees will feel empowered by using apps and devices they enjoy, and corporate security is maintained.

Consulting and providing feedback also means IT is in a strong position to give guidelines of approved applications, policies and alternatives. Providing consultative advice ensures IT will be seen as trusted provider; staff will want to be informed and discuss their IT queries so they can get the job done and improve business processes. Ultimately, this open approach will give IT greater visibility and insight into what applications users are deploying.

The need for visibility

In the on-premise world, keeping track of the applications being used and by whom was relatively easy, as they were purchased and managed centrally. But with cloud, different applications are being used by different people across a multitude of devices; many of which have been purchased outside of traditional IT and procurement channels. This stops IT from having visibility and control over the applications being used in the cloud. Costs can also quickly spiral out of control as a result of ‘cloud sprawl’, thanks to the sheer ease of buying services and applications (e.g. employees paying by credit card). 

Without having visibility into cloud application usage across the business, organisations will be unable to consolidate applications and miss out on cost-savings as a result of procuring cloud services centrally. Having sight of the cloud applications being purchased allows businesses to easily forecast costs, and to make informed decisions that will improve business processes and cut costs.

Regaining control will deliver value

Cloud applications like Dropbox and Evernote are helping employees to be productive, but it’s up to businesses to ensure that the applications are secure. IT departments have a tricky job of securing data while allowing employees access to cloud applications; businesses need to support IT with tools which give visibility into the applications in use throughout the IT environment.

With this insight, IT departments can implement a far more strategic approach to cloud usage and security policies. With these controls are in place, the IT department can increase user productivity while securing the IT infrastructure. With this approach, IT can take back control and deliver value to the organisation with a skilled and productive workforce.