How does Shadow IT affect your business? What is Shadow IT, you ask? I know, sounds sinister, doesn't it? The meaning of the term has evolved over the past few years, but it's all about computer users in a company taking matters into their own hands.
Only the Shadow knows…
Years ago, I first heard the term "Shadow IT" applied to the hidden costs of poor IT service that didn't meet the needs of your staff. The idea was that instead of calling an IT professional to efficiently resolve a problem, computer users in a business would enlist the help of a coworker, who might be able to help with a problem, or who might know of another coworker who might have seen something like this before. Before you know it, 3 employees are distracted for 45 minutes working on a problem that may or may not get fixed. And the business owner doesn't even realize she's paying people to do something that is neither their job or their expertise, plus she's just lost 2 1/2 hours of productive work on the things those employees are supposed to be doing that aren't getting done.
Recently, the Shadow IT term is back, but now it's being used in reference to employees devising their own technology solutions to their work-related needs. For example, sending company files to their personal email account so they can work on the files at home. Or uploading a customer file to their personal cloud storage account (such as Google Drive or DropBox) to share the file with someone outside the company. It could be installing a non-approved app, or putting company email and files onto a personally-owned tablet.
Who's at Fault? (Hide the mirrors)
So this is all the employees' fault for not following proper procedures, right? Not so fast. It's actually just the opposite. These employees are showing resourcefulness and solving their needs in a way that makes sense to them. Not having the business owner's perspective, though, they may not realize they're hurting productivity in the one case, and putting the company at risk in the other case.
But I'm going to argue that it's not their fault, it's their companies' fault. If the company hasn't given them the resources they need to do their jobs, being the conscientious people they are, they find a way to get the job done. If they have a friendly, competent, and responsive IT tech just a phone call away, they won't need to bother Charlie down the hall with their Outlook error. But if they don't have someone to call, or prior experience has told them that calling IT support takes too long, or IT support doesn't get the job done, or is unpleasant to work with, or takes 2 days to call them back, then they will find another way.
Meeting a Universal Need
In the Modern Office, working remotely, or on a mobile device, or sharing large files with clients or partners is an expected feature of how business gets done. So if the company isn't enabling this with company-approved solutions to collaborate and work remotely, solutions that work within company security requirements, then end-users are going to find their own ways to get things done.
How widespread is this problem? According to one study, 87% of senior managers, and almost 75% of all office workers, regularly upload work files to a personal email or cloud account.1 So if you think it isn't happening at your company, you're probably mistaken. I mentioned this problem in my recent Cyber-Security presentation at the GOA Regional Business Association. Creating effective computer usage policies is an important aspect of cyber-security. But as I said in the presentation, it's not enough just to say "Don't use personal email or cloud storage accounts." The reality is that these things are being used because they meet a need. The business needs to ensure that their policies give workers ways to meet those same needs, but with company-approved and managed solutions.
Create Solutions, Not Barriers
Fortunately, it's easier than ever for companies to enable their employees to access their files from home, or on mobile devices, or to share files securely with third parties. As companies begin to embrace the capabilities that cloud solutions like Office 365 give them, these company-provided solutions actually become the first choice of employees rather than their personal accounts. Why? Because they're part of the natural workflow. If the default place my team shares files is in the cloud, and I know I can get to it from home, then I just save my file like I normally do. I don't bother emailing it to myself, because when I get home, I can just open it up again. It's easier for me as an employee, and less risk for the company too.
We're working with a lot of our clients to gradually introduce a cloud-based workflow and help bring their businesses into the Modern Office future. If you'd like to talk about how we can help your company transform your workflow and in the process, naturally eliminate Shadow IT, give me a shout.
“On the Pulse: Information Security Risk In American Business.” Stroz Friedberg. 2013.
Click Here to Download