<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=522217871302542&amp;ev=PageView&amp;noscript=1">

Reining in Shadow IT: Why Does It Happen and How Can You Protect Your Customer?

Posted by Danny Smith on Feb 9, 2018 12:00:00 PM

“Shadow IT” sounds like something sinister or rebellious, but that’s not really the case. Shadow IT refers to employees accessing outside software or tools on their own without going through the company’s of­ficial IT infrastructure and processes. However, it can cause serious issues for companies and individuals.

Usually, shadow IT arises from employees trying to do their jobs effectively but running into barriers during execution. Here are a few reasons why:

  • IT policies can be a bit nebulous, and employees don’t know that software and services solutions are available for them to utilize
  • Enterprise IT systems and offerings may be inadequate, cumbersome or only meet partial user needs
  • IT processes are too stringent or take too long to navigate compared to the pressure to deliver or complete a task

People tend to do what they need to do to get things done. While it’s great when employees solve their own problems and maintain productivity, use of IT solutions outside of approved and controlled processes opens up the company’s data and systems to possible risk and exposure.

Shadow IT can actually help improve internal tools and resources

For all the bad rap it gets, shadow IT can actually be used as an opportunity to identify and address pain points within your customer’s company. Rather than rooting out or punishing employees who use outside technology solutions, I’ve found that starting a conversation with them about what problems they’re experiencing and why an outside solution seems (or seemed) better than what’s available in the company reveals some interesting viewpoints.

Here are some of the frequent responses I’ve heard:

  • The company failed to fully communicate the availability of system or service
  • Employees are using an older version of a software or application and weren’t aware an update was available
  • The available solutions are insuffi­cient or inferior in some way to the user or customer requirements
  • There are other issues and demands that IT didn’t know existed

So embrace shadow IT! Well, at least to the extent that you can learn from it to improve your customer’s internal IT tools, processes and security measures. Here’s an example of how one company did just that:

Balancing User Requirements With Corporate Risk

A ­financial services company had a large team of developers working on a time-sensitive application that was extremely important to the company’s strategy. It soon became clear that the developers were regularly using their credit cards to order virtual machines online so they could complete their work on time. In their process, they were sending sensitive data outside the corporate firewall and risking data exposure.

Why would they do that when the company had the ability to provide virtual machines inside its environment?

Upon evaluation, it turned out that it took ­five to six weeks to provision a virtual machine inside the corporate environment, and the developers just couldn't deliver within their deadlines and budget. They needed to be able to turn their development environments around very quickly, and waiting six weeks wasn't an option. So ordering virtual machines via credit card removed the barrier that was keeping them from getting their jobs done successfully.

Eliminating the Need for Shadow IT With a Hybrid Cloud

A hybrid cloud is basically a private cloud with a public cloud option available if your customer’s needs suddenly surge. The organization can burst into the public cloud and expand their resource pool as needed without slowing users down.

For the financial services company, a hybrid cloud solution would allow developers to not only take advantage of corporate security policies with a private internal cloud, but also have access the publicly-available cloud if they exhausted internal resources – all while meeting their schedule constraints.

It took the company about eight weeks to build a hybrid cloud with the help of my team of cloud experts at Tech Data. We trained the user community on how to use an internal self-service portal to order what they needed instead of going outside the company to order solutions online. Today, they're able to stand up a virtual machine within 20 minutes as opposed to four to ­five weeks.

Designing a cloud-based solution is a task that requires expertise and experience. Depending on the complexity and the existing staff’s experience, you may wish to collaborate with cloud design experts to develop the right solution.

Look for a company that is experienced in-building cloud solutions and has a successful track record creating custom solutions for various industries and organizations. Cloud experts, like those at Tech Data, can help you support your customers by assessing and eliminating shadow IT by building internal solutions and providing training to help alleviate employee perception that better solutions exist outside the company’s boundaries.

Tags: IT Security, Shadow IT, Security Services