The increasing reliance and availability of cloud applications for business processes coupled with the newly-remote workforce have led to a dramatic rise in a big security issue.
Shadow IT has become a major risk to business IT security and one that many companies don’t even realize they have.
Shadow IT is when employees use cloud applications for work that their companies know nothing about. It usually happens innocently enough when an employee finds a new tool online that they adopt and begin using to make their work easier or more organized.
What’s the problem with that? It shows initiative, right? The issue is that if a company doesn’t know that business data is being stored in an application, they can’t take steps to protect that data.
Some of the problems with the use of apps by employees that aren’t sanctioned by your company first are:
- The security settings in the cloud app may be at a risky level.
- Data could be lost because you don’t know you need to back up that application.
- Data could be lost when an employee leaves and was the only one that knew the app was being used.
- The app could be a redundancy to applications you already are using.
- You could suffer a data breach and compliance violation.
- You may be paying for an expensive and unnecessary app and not even realize it.
From cloud file storage applications to task managers, multiple apps can hold quite a bit of your business data without you knowing it. Shadow IT is a worse problem than most companies realize.
According to a survey noted by McAfee:
- 80% of employees admit to using SaaS tools at work without specific approval.
- Shadow IT use is about 10x that of known cloud apps in most organizations.
Tips for Addressing & Controlling Shadow IT at Your Business
Survey Employees About the Work Applications They Use
Often, employees aren’t maliciously using applications without their company knowing about them. Instead, they’re just trying to get things done more efficiently and don’t understand the problem with using applications outside the company’s approved SaaS tools.
As a first step to getting a handle on shadow IT, you should survey your employees about all the apps they currently use for work. Don’t position the survey as punitive or employees may not mention all the apps they use for fear of a reprimand. Instead, position it as a way to optimize the organization’s cloud environment and potentially find new tools that could benefit everyone.
While you’re doing a cloud survey to locate uses of shadow IT, also include some questions to help you make your cloud environment more efficient, such as:
- Name the top 3 business apps you couldn’t do without and explain why.
- Name the 3 business apps you like the least and explain why.
Evaluate the Surveys & Update Your Approved Cloud Environment Accordingly
As you go through the employee surveys, your goal is to locate applications being used for business data that you don’t know about as well as look for opportunities to improve your cloud environment.
For example, you may find that two employees have been using a less expensive task management app than the one you have approved and that it offers more features. Thus, you could optimize and save money by replacing your current task management app with the one being used as shadow IT.
Look for the following when evaluating current and unknown apps employees are using:
- Redundancies (cloud waste often occurs when there’s an app redundancy)
- Apps that a majority of users say they can’t live without
- Apps that users don’t like (if multiple users find an app unhelpful, then you should find a better alternative)
- The application’s security capabilities
- Compatibility with your existing cloud infrastructure to share data and automate
After you’ve done your evaluation, plan a transition to optimize your cloud infrastructure based upon your findings.
Put Cloud Use Policies in Place
Shadow IT use usually happens because employees don’t know better. It’s important to be clear about your cloud use policies and put those in writing. Whenever you onboard new employees, be sure to train them on this along with your other work policies.
Some things that you may want to include in a cloud use policy are:
- Restrict cloud work app use to only company-approved applications
- Restrict the types of apps that employees can add to company devices
- Offer a way for employees to recommend apps that they would like to use
- Review your cloud environment at least once a year
How Much Shadow IT is Lurking Around Your Company?
Pro Tech Guy can help your Framingham or Natick business identify and address the use of shadow IT to reduce your risk of a data breach.
Contact us today to learn more. Call 508-364-8189 or reach us online.