infoTECH Feature

April 13, 2017

Why Businesses Must Co-opt Shadow IT

By Special Guest
Kris Lahiri, Co-Founder & Chief Security Officer, Egnyte

Denial has proven futile. Once just a worrisome trend, shadow IT has grown into a monster. The aptly named phenomenon, a known risk of data breaches and financial liabilities, pits information technology professionals against end users in an endless battle for control of the digital workplace environment. The “number of unauthorized cloud apps being used in the enterprise” is up to 20 times higher than CIOs predicted, according to a Cisco (News - Alert) survey. Attempts to suppress the infiltration of user apps with strict controls have done little more than exacerbate the face-off between “stodgy” IT departments and freedom-loving end users.

The problem shows no signs of going away in 2017—unless IT takes the radical step of co-opting it. Users will continue to introduce cloud apps in the coming year, opening up new attack angles in an increasingly labyrinthine IT world. The “shadow Internet of Things” and U.S. Rule 41 are just hints of the types of complex, global issues that stand to define 2017. Heightening the stand-off between IT and end users will only waste resources that could better be used to drive the business forward.

Here’s how to bring shadow IT into the light.

1. Suss the shadow out.

Co-opting shadow IT means walking the tightrope between monitoring legal, regulatory and protective measures while delivering the breathing room end users require. Instead of getting stuck at an impasse and pushing an agenda of resentment, it’s key to examine what individuals and departments are using, how it influences their workplace productivity and how to go about co-opting the benefits employees derive from shadow IT.

The first step is discovery; suss out what applications and “outside” products are being used. There are numerous solutions in the market that can find out what users are running 24 hours a day on desktop, mobile or BYOD. Packet sniffers and firewall products display readable traffic to easily monitor what makes its way through the corporate firewall.

Run a scanner to understand who uses what—outside email accounts, chat services including iMessage or Skype, file sharing applications like Dropbox (News - Alert), Google Drive or BitTorrent and even popular consumer apps such as Twitter and Facebook. Understand when and why end users are turning to these technologies, what business problems it helps them solve.

Once you understand the lay of the land, implement content control at the source but don’t fight outright. Users know how to be most productive to reach corporate goals. But they don’t always know what exposure they are creating by downloading consumer tools. You can use the information you learn about the tools that employees adopt to improve your business. Let them enjoy the benefits of easy-to-use technology while you factor them into your strategy to prevent data breaches. There’s no reason users can’t have their cake and eat it too; IT just needs to keep an eye on organizations’ insulin levels.

2. Get in front of the train.

You want to avoid pushing unauthorized use deeper into the shadows with blanket bans. Always be permissive where you can; educate users and present favorable options where you can’t. This way you stay in front of the train instead of running behind.

Always evaluate shadow IT with an eye on who needs what to execute their jobs. For example, sales generally gets a hall pass with apps that help them close deals, as does the CEO. Other departments’ use should be evaluated on a case-by-case basis. Some popular shadow apps, like Dropbox and PDF converters, can easily be scaled up to business versions. Prioritize the most popular ones in your organization, and make telling your users ‘don’t use that’ a last resort.

3. Keep pace and peace.

The final move towards keeping pace with shadow IT is to capture the benefits of consumer solutions and replace them with comparable – or even more secured, performing and scalable – business solutions. Different people have different workflows to perform their jobs and as such need different systems. Some of these solutions stem from productivity habits, product hype, individual familiarity, or differing organizational needs. For example, a marketing department may require a cloud platform that allows for easy sharing of large files like hi-resolution images, videos and media kits, across multiple devices. Product and engineering may look to a SaaS (News - Alert) online project hosting app for ease and speed of sharing code or test results and keeping their global teams on the same page.

Examine what type of solutions users are gravitating towards and what each does for whom. Depending upon the organizational dynamics, it may be possible to employ a similar application to encourage workflow but with a solution that supports IT’s standards. Ask why departments are using a specific app to gain insight into the gaps in your infrastructure.

As the saying goes, if you can’t beat ‘em, join ‘em. End users don’t care about security, auditability or regulatory environment. All they care about is getting the job done. Yes, shadow IT will continue to pervade in 2017, but you should not fear or hate its inevitable creep. By co-opting it, you reassert IT control without denying users what they want or need. Angst will diminish and a more flexible, understanding relationship between IT and other departments will prevail.

As the global regulatory environment continues to heat up, machine intelligence and IoT pervade businesses great and small, the last thing IT needs is a stand-off with their end users. It’s time to win.

Edited by Alicia Young

Subscribe to InfoTECH Spotlight eNews

InfoTECH Spotlight eNews delivers the latest news impacting technology in the IT industry each week. Sign up to receive FREE breaking news today!
FREE eNewsletter

infoTECH Whitepapers