Have you ever downloaded an application to use on your work computer, without telling IT? Has your team ever decided to use a service that hasn’t been approved company-wide? If so, you’re likely guilty of contributing to the problem known as shadow IT.
Shadow IT refers to information technology projects that are managed outside, or without the knowledge of, the IT department. It occurs most often when employees or teams decide they need to use file-sharing application, social media platform, or collaboration tool that is not needed for the entire company. For example, a marketing team may decide to use Dropbox or Box for file-sharing, without telling the IT department. Or the human resources department recognizes the need for video interviews and uses BlueJeans, without encouraging IT to deploy the software company-wide.
CEB estimates that 40% of all IT spending at a company occurs outside the IT department, often out of a need to help teams be more productive. But despite your best intentions, this type of rogue purchasing results in issues for IT, as they cannot manage the application or help when issues arise.
How to Eliminate Shadow IT
Shadow IT is an undeniable problem for most organizations, but the good news is that it is easy to fix. We recommend that the IT department follow these four easy steps to get a handle on the applications that exist throughout the company and implement a plan to solve the problem.
- Understand the Problem
Very few employees download or buy applications without IT approval with malicious intent. It often happens because they need to solve an immediate need or want to use tools that are more user-friendly. The days of the CIO simply picking a secure tool and pushing it out to users are over—employees will use the products that make their jobs easier. Knowing this, CIOs and IT leaders must recognize the issue this presents and find tools that are both secure for the organization and easy for the user.
- Engage Your Employees
Once you recognize that your employees are not engaging in shadow IT out of spite, it is vital to understand why they are doing so—what do their shadow applications provide that the company-approved ones do not? What are they most looking for in their tools? Which ones do they feel are most important to their productivity, and which would they recommend adopting across the organization? Identifying where there are flaws with approved applications and understanding what users need is the first step in providing those tools to them in an approved environment.
- Eliminate Redundant Tools
Now that you better understand the tools that your employees are using, the next step to eliminating shadow IT is to educate them on company-approved alternatives. Are they aware of all the applications they could use to complete their tasks? Would an approved alternative provide the same features and functionality as the applications they are currently using? This will allow you to eliminate the tools that are redundant and evaluate those that should be considered for company-wide approval.
- Evaluate and Approve User-Friendly Applications
Once you have a list of the tools that employees need, and the ones they refuse to give up, you can evaluate them for use across the organization. Perhaps the engineering team has found a project management tool that would be useful for everyone, or you’ve discovered that video conferencing is a tool that is needed by the entire company. Once identified, it becomes easy to evaluate specific tools for security and reliability. Those that pass the test can then be deployed across the organization for use by all teams.
By following these steps, you can eliminate the prevalence of shadow IT in the organization, while also keeping employees happy. The key here is not simply to take away the tools that help them be productive, but to instead provide them with secure options—whether that means upgrading from the free to the enterprise version or switching from one tool to a similar, more secure one. When done properly, this process of eliminating shadow IT provides a way to evaluate what is critical to business operations and is one that is useful for IT and employees alike.