The term shadow IT conjures up images of a malevolent, invisible force that poses a threat to security policies. Sounds scary, right? While shadow IT does have the ability to create a bottleneck, it tends to occur in the most benign of situations.
Thanks to the popularity—and growing democratization—of cloud computing and SaaS, software applications have become increasingly easy acquire. Not only are many of these apps widespread and accessible, they’re high-quality and instantly available. Rather than wait to internally develop and deploy custom apps, these affordable alternatives seemingly save an organization time and money.
In these situations, managers overlook the need for IT blessing. Generally, apps are harmlessly deployed with the idea that they’ll increase productivity and efficiency. For teams, this appears to be a no-brainer. However, there is often little to no consideration of the security of these apps, as software procurement requirements are ignored entirely. By hastily deploying cloud-based apps that consume corporate data, these well-meaning employees inadvertently create security risks.
Shadow IT isn’t quite the specter it may seem to be. It’s often a well-meaning, but careless product of the modern workplace. It’s also a reality that can be dealt with accordingly.
A recent InformationWeek article offers five ways that IT can mitigate the security and cost impacts of shadow IT:
- Identify the biggest opportunities where shadow IT may occur by taking inventory of who is using what programs. In doing so, IT can monitor issues, identify new or unknown tools, and make appropriate changes.
- Assess security and efficiency risks by starting an open dialogue with team members to understand their problems and providing alternative solutions when necessary.
- Encourage transparency and collaboration between IT and other employees, so that the former is aware of the requirements of the latter.
- Establish dialogue between department heads and IT to involve more stakeholders in the application selection process.
- Remain open to feedback and identify when employees select beneficial options—not all shadow IT is bad.
Identity Automation Insight:
Ultimately, InformationWeek offers some sound advice. For example, working across an organization to make appropriate changes is a pragmatic, valid tip. Encouraging transparency and collaboration to enforce clear policies regarding new technologies can be beneficial. However, there are several additional issues to consider.
For starters, many of these suggestions actually add work to the plate of IT departments, which ultimately creates a bottleneck. At large organizations, it simply isn’t possible for IT to be involved in every procurement process, as they generally lack the bandwidth.
Often, employees are impatient, buy on their own, and get frustrated when apps don’t link into corporate SSO platforms. This causes employees to generally leverage shadow IT to solve real problems in the first place. Many times, management actually endorses these decisions as well. If their employees claim that apps will make them more productive, that’s often all they need to hear.
In this regard, work to position your IT team as an asset, not a hindrance. Rather than block these apps, identify which ones your employees are using and enable employees to use them securely. Incorporating these apps into your SSO platform not only increases security, it can help with password overload. It’s a win-win situation across your organization.
While the article claims that not all shadow IT is inherently “bad,” these solutions can still put your company at risk, as their security implications are wide-reaching. What if your employees leave your company to work for a competitor? These accounts remain open and available. Powerful identity and access management (IAM) solutions directly address this situation. Automatic deprovisioning ensures that those who should not have access, in fact, do not.
It’s important to strike a balance between encouraging business efficiencies and maintaining security. This requires the right mindset, the right collaboration with business users, and the right IT infrastructure.
IAM facilitates appropriate ownership of applications and shared data, and works to increase lifecycle management of accounts across apps. While shadow IT is a product of the modern workforce, IAM platforms bring it into the light and make life easier for your entire organization.