We all know that using any technology — database servers, mobile apps, or just browsing the web — carries a certain amount of risk. Nobody wants to have their secure data compromised, but technology brings enough benefits that the risk is worth it. So you vet certain systems, you establish protocols, you update and patch your software, and you keep track of all the IT at use in the organization.
But what about the tech employees use that isn’t part of your official plan? Things like messaging apps, Excel macros, cloud data storage, collaboration spaces, and even hardware like USB drives, smartphone storage, and personal laptops that you don’t control.
We call this “shadow IT,” and it can hide a whole lot of potential issues — and security is only one of them.
Even if you ignore the dangers of having accounts hacked, data stolen, and websites vandalized, shadow IT can be very inefficient. You don’t control it, so you don’t know where important information is or what work is being done. It makes it hard to avoid duplication of efforts and even harder to manage employee productivity. What are you to do?
Play It Cool
Well, your gut reflex might be to “crack down” on using unauthorized technology for work purposes. Swallow that reaction, though — you can’t stop it, and you’ll just harm morale. You’ll also drive usage even further underground; your people won’t be honest with you for fear of reprisal. That means that if a compromise occurs, you’ll be the last to know.
Instead, keep an eye on the situation. Make it clear that you support employees using the tools they need to get the job done, as long as they let you know what those tools are. If your people start using cloud storage apps, that’s fine — but have them explain how they’ll keep that data secure. Just as you empower them to find their own tools, empower them to keep things secure.
You probably can’t come up with a list of all the shadow IT that’s being used at your work, but you can keep an eye on the trends as they develop. Research the technology that’s being used and watch the headlines for data breaches or other compromises.
In some cases, you will have to crack down on specific apps, programs, or devices being used at your work; they’re just too risky. If you’ve worked with employees and fostered good communication, this shouldn’t be an issue. Remember to avoid blaming employees when shadow IT becomes a problem — especially if they bring the issue to your attention themselves. There’s nothing wrong with asking your people to stop using a specific program or device, as long as you’re transparent and have good reasons.
Last, but not least, try to look on the bright side. Shadow IT may be a little risky, but it also presents opportunities for employees to drive productivity and try out new best practices. If they’re using a piece of technology, it’s probably doing something that the currently “approved” tech is not. They’re also showing self-starter tendencies and trying to do their job better. That sounds like something you want to support.
When in doubt, work with an IT services provider like Echopath to assess and mitigate the risks, and find solutions that address the needs of your employees.