Shadow IT raises a handful of questions: is shadow IT just bad, or does it carry some good benefits as well? How does it affect my organization? What can I do today to handle it better? While shadow IT isn’t a new term, organizations see an increase in the past few years:
The number of unauthorized cloud apps being used in the enterprise up to 20 times higher than CIOs predicted 1
When asked why - the main drivers for shadow IT are increased efficiency 60%, increased productivity 62% and 58% believing it to free up IT department’s time 2
Shadow IT is increasing and should increase in the near future due to several trends:
- SaaS adoption is increasing. There are more options to choose from because more vendors are moving into a SaaS business model.
- It is much easier to signup and start using new tools. SaaS applications are becoming more self-served than before. Anyone can sign up and start using a new product to see if there is value in it. Many products offer free trials, affordable prices or even free services which reduces the barrier to adopting the tools.
- It becomes very easy to inegrate software. Different software is becoming more and more connected, sharing of data and communicating with each other.
- We are changing. The majority of the workforce on enterprise was born into the world of software, and some were born into the world of app stores. We are used to choosing software on a weekly, if not a daily basis. We are trained to start using new tools, switching between tools, and also doing the research for understanding which software we want.
Shadow-IT is mostly perceived as something which has only bad merits. Those rogue employees are signing up to a dozen of new tools and wouldn’t “follow the rules”. However, we need to acknowledge that shadow-IT has some benefits, which should not be easily dismissed.
- Employees are using best of breed tools that make them more productive as they are not only limited to what a small group of people has decided as the right tools for the job.
- Motivation - new SaaS tools empowers the individuals to achieve more with less, thus raising the motivation and the engagement of the employees.
- Employees are open to new technologies, new ideas that may create a competitive advantage. If you don’t open yourself to new SaaS tools, your competition will outrun you.
- It encourages IT to be more effective and efficient. For example, if in the past the only way to transfer files between colleagues was to put those files on the slow samba server, now IT needs to provide a tool within the standards Dropbox, Box and others.
Shadow IT in the SaaS world refers to those unauthorised, and many cases unknown SaaS applications, adapted by the organization. Those lead to a big overhead for the IT in various of categories:
- Employees start asking for accounts and licenses to unsanctioned software, not knowing it is unsanctioned. IT needs to find out who is in charge of the software, approve it and take ownership.
- Money is wasted as some employees would find alternatives to software the organization is already paying for. Sometimes, several teams might use the same tool in a single company not knowing of each other.
- It hurts collaboration – the beauty of SaaS and cloud, is that it makes everything more collaborative. It is used from everywhere, on multi-platforms to connect with our peers in real time. When different tools are used and are not connected to each other, the collaboration is damaged.
- Security can easily be comprised as your company IP and users are now exposed to several SaaS providers, increasing your attack surface and makes it very hard to track the security levels of all those SaaS.
- Sensitive data - your company data is now shared among various vendors. With a click of a button, employees can upload, share or give access to SaaS providers without realizing the consequences. Is that data being shared or sold? Where is the data stored? Who has access to it?
We need to realize that shadow-IT doesn’t raise on its own. All shadow-IT services are born and raised by employees who signed up for them. When IT find out, late in the game, about shadow-IT, the situation can easily be lead to personal discomfort as IT needs to take an action on those. Whether that is approving it, blocking it and going through some discussion cycle. Those issues can get even uglier when IT feels it was left out of the loop for several months, just to find out a service is being used by a few dozen of people which is strictly against IT standards due to data sensitivity or security.
When the IT is not in the picture, the employees will likely not perform the same assessment the IT is doing. Not because they don’t care about security or data privacy, but because they are not trained for that. They don’t see the same big picture as IT is seeing, they are not informed of the threats and security implications, or they just don’t have the time or attention to perform these assessments.
So what is the bottom line?
While there are many bad characteristics associated with Shadow-IT, we must also acknowledge the good benefits it can bring to drive IT and the business forward while we make sure we avoid its bad and ugly aspects.
What can you do today to handle it better?
The world of IT is changing and the boundaries between IT admins, and the employees as SaaS admins are getting blurred. Opposing or trying to block employees from adapting new SaaS is not an option any more. It is time for IT to work together with the employees and LoB leaders on getting shadow-IT out of the shadows and adapting its good parts without compromising security, financial control, and compliance.
Shadow IT can be discovered in many ways, reading data from browsers, firewall logs, integrating with product APIs, reading expense reports and more… this is exactly how Torii uncovers shadow IT.
Remember the good, the bad, and the ugly – and base your approach on it.
The drivers for the shadow IT are good, embrace them. Learn about your company’s early adopters. Usually, in every department, there is someone who likes to test and introduce new software and they drive a nice amount of shadow IT. Don’t block their efforts rather empower them instead – let them take part in POCs, learn the latest innovations and products in their field. Learn where software is heading in their domain. Teach them to evaluate security, to be sensitive to data, to ask the right questions. Make them an extension of the IT.
Teach and educate your company about the bad, about the overhead, and the price the company pays for the shadow IT and the risk of picking the wrong SaaS. Let them be the owners of the software they use.
Educate people and constantly communicate with the employees in order to avoid the ugly aspects of shadow-IT. Share stories and point to critical parts of your system. Give the employees the tools they need to be more productive, work with them together to make the business be more productive and pick together the right tools for the job.
Looking to discover and eliminate Shadow IT in your organization? Torii is a full fledged SaaS management platform that will guide you through it.
1:Cisco study 2015 - https://blogs.cisco.com/datacenter/shadow-it-you-cant-manage-what-you-cant-see
2: NTT Communication survery 2016 - http://www.eu.ntt.com/en/Shadow_IT.html