Today, shadows are very front of mind. Unfortunately, Punxsutawney Phil saw his, meaning six more weeks of winter. But there's another shadow that we'll be seeing a lot more of in 2017... Shadow IT. Shadow IT refers to IT systems and solutions that are managed outside of the IT department in an enterprise, and often without their knowledge. It includes file sharing apps (like Dropbox), social media, collaboration tools (like Skype), and Software-as-a-Service (like Office 365). These apps can make employees more productive and enhance collaboration, and companies that recognize this will find ways to leverage these advantages. But, they must also take responsibility for ensuring compliance and security now, more than ever before.
According to Gartner, by 2020, a third of successful attacks experienced by enterprises will be on their shadow IT resources. Additionally, they recommend that organizations develop an enterprise-wide data security governance program. Identify data security policy gaps, develop a roadmap to address the issues and seek cyberinsurance when appropriate. So just how do they maximize the benefits while minimizing the risks of Shadow IT?
- Reduce Roadblocks to IT Implementation. Often, these apps are used because there isn't a comparable option readily available internally, so employees decide to circumvent the system. If there are IT-based productivity solutions waiting in the pipeline, develop a process to fast track them.
- Embrace the Cloud. If your partners are pushing for cloud adoption, it's time to get on board. There's no avoiding cloud computing, it's not the future anymore, it's the now. There are so many ways to adopt the cloud to your enterprise, and they all increase productivity, enhance collaboration, and increase security, redundancy, and scalability over your legacy systems. If you encourage your IT team to support the cloudshift, they can get ahead of data security issues by creating proper authentication, authorization, and accounting mechanisms.
- Get Ahead of the Trends. Pay attention to the new apps on the horizon, and consider how they might be useful to your business model or staff communications. If you can introduce a solution before your staff can do it on their own, you can put into place compliance regulations and security protocols. IT members should make an effort to collaborate with department heads in this regard as well. Individual departments may have valuable input on what needs they have that aren't being fulfilled by current IT.
- Be Open-Minded but Firm-Handed. If you discover that your staff already has apps in use without your knowledge, don't be so quick to shut them down. Investigate why they are using it, the benefits, the risks, and if you can find a way to utilize it securely. However, don't encourage them to just try new apps that create open windows to your data at their whim. Encourage them to present to you the case for their needs so your IT team can investigate. Establish policies and procedures for access and use for each app individually.
Shadow IT was once seen as only a negative... one more point of vulnerability for your security. But, if adapted with caution and IT involvement, these SaaS solutions can be a boon to your competitive advantage. If you'd like to introduce cloud computing to your business environment, Great Lakes Computer can help you do it securely. We offer a range of solutions from single apps to complete cloud, based on your preference. We also offer several cybersecurity enhancements, like antivirus and "human firewall" training, to help you control any vulnerabilities shadow IT has already created. Contact us today to learn more.