Shadow IT is a phrase often used to refer to IT systems built within organizations without management’s approval. It can also be used alongside “Stealth IT” in describing solutions deployed by departments other than IT. Shadow IT is generally considered a security threat to an organization, as it can open up networks to potential attacks through the downloading of unapproved software and the misuse of tech solutions by untrained individuals. So, how can you address this in your own organization?
Most organizations discourage Shadow IT. For many companies, it comes inevitably when tech-savvy employees start searching for solutions to their own problems without consulting IT. This could happen for a number of reasons, such as a crucial figure in the red-tape chain being out on vacation when a solution is needed. Often, IT specialists will expressly disapprove of software or systems they regard as potential threats, only to be ignored by employees.
A specialist from LANDESK says many instances of Shadow IT are preceded by a constraint placed either on or by the IT department. When employees are frustrated with a lack of company-approved resources with which to solve their problems, they may seek solutions elsewhere. With new software and cloud services available at the click of a button, aspiring employees could seize on the opportunity without giving a second thought to the concerns of the organizational network whatsoever.
They may choose to bypass IT and executive approval simply because they expect requests to be declined. In an era of Wi-Fi and bring your own device (BYOD) environments, solutions can be implemented off-site and introduced to company resources when they are already full-blown. At times, IT may be completely oblivious to software that’s being used right down the hall.
Management’s reaction often is to put a stop to these Shadow IT activities. On the other hand, IT departments are realizing that they can’t keep up with requests or stay on top of all new software. Shadow IT could open the door to hacker malware that buries the company. But putting a foot down can cast IT in the role of computer cop, which could even make Shadow IT a bigger problem.
Putting policies in place and stepping back to prepare for the worst isn’t a viable answer. While IT staff can’t be everywhere, they could be assigned time to meet with each department and discuss the tech needs of their fellow workers. This way, IT specialists can address problems in an institutionally-approved way before lay employees feel compelled to seek their own solutions.
Shadow IT, when it occurs, does help to identify weaknesses in IT infrastructure that made it possible in the first place. When done right, it takes some of the workload from IT staff. The answer may lie in streamlining the request-approval process from manager to IT. During development, workgroups may be restricted to an isolated server where any misguided Shadow IT will have minimal impact. Once your IT department is trained on properly addressing Shadow IT, departments can be re-integrated and receive the one-on-one time they need with the tech professionals.