Shadow IT really isn’t a new phenomenon. Employees have been using resources without the IT manager’s approval for years. Shadow IT today is much different in the past, largely due to easily aquired cloud services and apps employees are using on smart devices for work purposes. Shadow IT spending represents upward of 30% of total IT spending. While these apps may increase staff productivity and efficiency, they can pose a significant data and security risk to the business.
A recent study of 300 employees from companies from the US, UK, Australia, and New Zealand revealed some significant and consistent takeaways. A report based on the study by Lynda Stadtmueller, program director of cloud computing for Stratecast/Frost & Sullivan, points to six key sets of findings about the true nature of shadow IT.
1) Everybody does it. More than 80% of survey respondents admit to using non-approved cloud applications while on the job. Additionally, the average company uses approximately 20 SaaS applications and of these, at least seven are non-approved by management.
2) IT employees are guilty too. The study found that the biggest users of shadow IT services are, you guessed it, the IT employees themselves. A bit of “do as I say, not as I do”.
3) Not having clearly defined SaaS policies leaves the door open for Shadow IT.
4) Employees aren’t trying to break the rules. They just want to do their jobs. A large number of employees using non-sanctioned cloud apps are using them to perform their jobs more efficiently and not for personal use.
5) Employees may be aware of the risks, but they feel they are justified. 15% of those surveyed say they are personally aware of incidents in which company data was compromised yet knowledge of the risk isn’t deterring the use of Shadow IT.
So How Can You Take Control?
Many experts believe that allowing certain Shadow IT activities encourages innovation, flexibility, productivity, and competitive business advantages. Part of IT’s role in this changing landscape is to identify the apps employees are using, evaluate which are useful and appropriate for the business, and then embrace and manage them using a governance plan that defines the risk assessment and and the criteria the application must meet.
To help prevent the risk of employees accessing the apps via public networks, IT managers can create corporate sandboxes for their mobile devices and connect them via VPN or another secure connector. To help ensure that the most sensive corporate data is protected, IT can assign access restrictions to different data types. If an unauthorized app or user tries to access the restricted data, IT will be notified and can track the source of the breach.
Finally, once you have established a good and nimble SaaS governance policy, educate your employees about why using approved applications is important. The Frost & Sullivan Survey found that nearly 20% of employees didn’t know if their company had a policy, while 35% reported using non-authorized apps because IT approval for new apps took too long to secure.
To learn how your business can benefit from virtualization, cloud services, and hosted applications, signup for a Free RevITup SilverCloud Assessment. For more information on solutions for running your businesses’ technology more efficiently, visit our website or contact Megan Meisner at mmeisner@launchpadonline.com or 813 448-7100 x210.