It’s been a few months now since the mad rush to send everyone home due to COVID-19 and put remote work processes into place.
Most companies in the Thames Valley area and throughout the UK were caught off guard and didn’t have all the cloud systems in place they needed to keep their business going remotely.
57% of surveyed businesses said that due to the pandemic crisis, their use of cloud applications was higher than planned.
What often happened to fill the void was that employees used whatever apps they could find to stay connected remotely with customers and their work.
When employees use applications that are not approved, or in most cases not even know about, by their company, this is called shadow IT.
The pandemic was a unique situation, and there are several reasons it led to more shadow IT being used for work processes than usual:
- Employees may not have had the tools they needed in place
- Employees using personal computers, may have used the apps already installed
- The sudden lockdown caused disruptions in normal staff-company communications
- A company may not have had an approved app use policy in place
What’s the Problem with Shadow IT?
If an employee is using an application that helps them get their job done, you might wonder, “What’s the problem?”
While the app they’ve chosen may indeed be productive, you don’t have any way of knowing how much of a risk it is if you haven’t properly reviewed it.
Nearly half of security professionals are worried about security problems arising from remote workers using shadow IT during the pandemic.
Here are a few of the major issues with shadow IT:
- It can put a company’s data and network at risk
- It’s not integrated with the rest of your technology
- Company data can be lost if a user leaves, because the company has no access to the shadow IT account
Making Shadow IT a Win-Win Situation
How you approach shadow IT use can either cause employee friction or become a win-win situation for your company.
Here are some tips to make it a positive instead of a negative, while still getting it under control.
Identify Shadow IT Being Used by Asking Employees
First, you’ll want to identify the applications your employees are using to work from home so you can find any instances of shadow IT.
The best way to do this is not to approach it as a negative but make it a learning experience.
Explain to employees that you understand some may be using other software to work due to the unexpected pandemic transition. That you need to find which tools work best and ensure all are properly secured and integrated into your overall IT plan.
Ask employees for a list of all apps they’re using and ask them to rate them on a scale of 1 to 5 for helpfulness. The point with the rating is that you want to know which tools they find helpful and which they may just be using, but don’t particularly like.
Review Applications for Security Problems
Once you’ve gone through the lists and identified any unapproved applications, you’ll want to evaluate those for risk. Some may be more secure than others.
If you employ the help of a CASB (cloud app security broker), such as Microsoft Cloud App Security, you’ll be able to easily evaluate the risk level of each app in the tool.
Separate the shadow IT that is too risky from the apps that would be safe for your organisation to use.
Cross Reference Current Apps and Secure Shadow IT
Next, go through the list of shadow IT that didn’t pose a risk and compare it to your approved programs.
The goal is to add any functionalities that are missing and see which apps your users find most helpful. Do this by asking the following questions:
- Are there any shadow IT apps that do something that you don’t have an approved app for?
- Do any shadow IT apps have higher user ratings for a similar approved app?
- Which approved and shadow IT apps have the best ability to integrate with our overall IT infrastructure?
The process should help improve your overall IT infrastructure by incorporating the best tools (as rated by users) and fill any remote work tool voids.
For those shadow IT apps that you’re going to adopt, officially approve them for use.
Put New Approved Apps into Place
Inform users of your new approved apps and workflow. Also let them know those apps that they will have to stop using. For the most positive outcome, be transparent about the process you went through so employees know their input was valued.
Decommission Non-Approved Apps & Migrate Data
For any shadow IT apps or apps that were previously approved that are now being replaced, you’ll need to officially decommission them.
This means migrating the data to the application taking its place and closing all user accounts.
Put an App Approval Policy in Place
Many employees start using shadow IT because there is no policy in place on how to handle work applications.
Put a policy in place that lets employees know that they cannot use apps for work that aren’t approved and give them a process to submit an application they would like to use for approval.
This both helps to stop use of shadow IT and keeps the door open for employee input on your technology, which can be very valuable for choosing the most productive tools in the future.
Looking to Lower Costs & Streamline Your IT for Efficiency?
NMX IT Solutions can help your business reduce costs, improve efficiency, and eliminate security risk.
Contact us today to schedule a consultation! Call 01628 232300 or reach out online.