Shadow IT — Driving Innovation or Increasing Risk?

From the beginning of the bring your own device (BYOD) movement and the increase of the millennial workforce, shadow IT has had an ever increasing impact on organizations. Just as the name suggests, shadow IT refers to free or paid applications that employees use in the shadows of the IT department’s knowledge or approval. Not only have these applications not been authorized, controlled or supported by the internal IT team, but often they aren’t in line with the organization’s requirements for data management, security and compliance. However, many consider shadow IT to be an important source of innovation, enabling employees to work in an efficient manner that appeals to them and can lead to a prototype way of working that benefits the entire business.

Shadow IT can lead to innovation but can also be a security nightmare. Especially when you consider that those members of staff who are likely to use their own solutions will inherently be from the generation of risk takers who are inherently less concerned by the need for all-encompassing security measures. So, how can businesses protect themselves from this risk and how should businesses decide their own risk profile?

Allowing personally chosen devices in the work environment has led to the adoption of employee chosen applications to access or manage corporate information and data. The general consumerization of IT and the trend for staff to bring in their own devices has meant that every employee is now a potential user of shadow IT, easily deploying mobile applications. It is no longer just rogue, tech-savvy staff wanting their own tools. Shadow IT has now become a broader issue. Often, purchases are driven by impatience with the IT department, or the IT department’s inability to test and implement new capabilities and systems in a timely manner, thus smothering creativity and productivity.

The trend for businesses to move core processes to the cloud – and staff’s general acceptance of it – has also accelerated the prevalence of shadow IT, while at the same time making it harder to monitor. A starting point for businesses wishing to mitigate the risk, is to ensure that their acceptable usage policies are updated to cover the modern day business, and incorporate such trends as remote working and BYOD.

It is wrong to discuss shadow IT without examining the benefits it can bring in innovation. A recent Frost and Sullivan report entitled The New Hybrid Cloud showed that 49 percent of staff are comfortable using an unapproved application, because using them helps them “get their job done more quickly and easily.”

The rise of shadow IT may actually inject a healthy dose of innovative thinking into organizations, so shouldn’t be disregarded from the start. The ability to test new approaches to business problems that could have a positive impact on the bottom line, is vital to employees at all levels. If they are encumbered by the need for permissions, or for budget approvals to get to the technology they need, things can stall at a time when market conditions change quicker than ever. Not to mention, shadow IT applications are often far cheaper than their ‘official’ counterparts procured through the IT department.

Some of the world’s largest companies are discovering that instead of trying to drive out shadow IT, it is best to embrace it as part of a wider culture of innovation. Adriana Karaboutis, VP and global CIO of Dell recently said, “I don’t chase shadow IT, I chase innovation. When you work in a technology company and have 110,000 best friends that understand technology well and probably even better than you do, you have to be out there working, listening and determining how you can create even more value for the employees and customers that you serve as opposed to being defensive about owning IT.”

The onus on forward-thinking businesses shouldn’t be on stamping out shadow IT, but rather encouraging employees to adopt and get the most out of their tools of choice in a secure and productive fashion.

Organizations need to be able to monitor an individual’s data flow at the most basic level, regardless of whether users are in-office or mobile. Solutions such as cloud application control (CAC) can provide businesses with this visibility and the ability to discover, analyze and control all the information staff are accessing or sharing – whether across authorized or unauthorized applications. It is about managing security risks without stifling innovation. By ‘following the user,” businesses can ensure that employees are safe and secure at all times, whether they are using authorized applications or those from the shadows.