Is Shadow IT Lurking Around Your Office? How to Address it the RIGHT Way

There’s a hidden danger in many companies that people may look past every day, not even realizing it’s there. But it ends up growing in the shadows putting their data security at risk. 

This danger may initially take root when an employee sees an interesting cloud app online, like a task manager. They decide to use it to make their workflow more productive.

Then another employee is working from home one day and realizes they can’t get into a CRM they normally use, so they find another one and begin putting customer data into that. Before you know it, shadow IT has spread throughout your organization.

Shadow IT is the description of applications being used by employees without the knowledge of or clearance of a company’s IT team or IT partner. They’re apps that an organization may not even realize are being used with business data, so they’re outside any managed services, backups, or cloud strategies.

What’s the problem with employees using their own apps if they’re getting their work done?

Shadow It can:

  • Be unsecure or not meet your company compliance requirements
  • Cause data leakage because data may be unknowingly sold to advertisers
  • Cause data to be lost because no one knows it’s being used
  • Break up cloud strategies that took a lot of time and planning to put into place

It’s estimated that shadow IT is responsible for approximately 1/3 of security breaches.How to Get a Handle on Shadow IT

There’s a is a right way and wrong way to address shadow IT at your organization if you want to keep your team productive while also securing your data.

The wrong way is to scare employees so much that they don’t want to tell you about anyone’s use of an unapproved app, especially their own. 

35% of employees say they don’t mention shadow IT use because they don’t want to get anyone in trouble.

If you take too harsh a stance on shadow IT, it may also reduce productivity because instead of seeking out better solutions, employees won’t feel like they have a voice in the tools that they use.

The RIGHT way to address shadow IT is to both make it a learning experience about the dangers of shadow IT and an opportunity to have employees contribute their opinion to the company’s cloud strategy.

Here are some steps to address shadow IT in a way that is a win-win.

​Ask Employees to Give Input on All Apps They Use

Invite employees to rate the different apps they use, both approved apps and apps that haven’t been approved. You might ask them things like:

  • Rate helpfulness on a scale of 1-5
  • What three apps in your workflow are indispensable?
  • What three apps in your workflow are holding you back?
  • Where do you feel our cloud strategy falls short?

Going through the surveys will allow you to discover shadow IT apps being used without your knowledge and give you valuable user input on your company’s cloud strategy as a whole.

Update Your Cloud Strategy Based Upon Input

From the employee survey input, identify potential shadow IT apps that you may want to integrate into your approved company app workflow.

If you use a program like Microsoft Cloud App Security, you can easily have apps reviewed for any security problems or compliance issues.

After reviewing the apps, officially approve integrated cloud apps and ensure any personal accounts are transitioned to company accounts. 

Decommission Old Apps and Migrate Data

For both shadow IT apps that you’re not using and formerly approved apps that you’re replacing, you should migrate the data into the appropriate account. Then have those accounts closed.

You’ll want to ensure that employees understand your reasons for either approving or not approving an app, so they feel they’re part of the process.

Create or Update Your Shadow IT & App Use Policy

To keep shadow IT from taking root and spreading again, you’ll want to put together a shadow IT and app use policy or update it if you had one, but it wasn’t being followed.

Some of the things you’ll want to include in the policy are:

  • Ban the use of shadow IT and explain why it’s dangerous
  • You may want to have a warning or reprimand system if employees use it against policy
  • Create a way for employees to suggest apps they would like permission to use

Continue to Shine a Light on Shadow IT

Make sure that you keep shadow IT as part of your ongoing cybersecurity training. Otherwise, if you stop talking about it, a year from now, people may think it doesn’t matter anymore.

Make sure to get back to employees in a timely manner on any app requests, so they don’t feel frustrated and start using an app anyway.

Do regular employee surveys to continually integrate user input into your cloud app strategy to make it as productive as possible.

Protect Your Users from Potential Cloud Security Risks 

From password management to HIPAA/PCI compliance solutions, ECN IT Solutions can help your Tucson business with the data security tools it needs.

We’re here… just waiting to help you. Reach out at 520-355-7553 or through our website.