The easy availability and deployment of powerful collaboration and productivity tools, usually based in the cloud, has allowed us to start to develop incredible digital workplaces that are only going to get better.
But the proliferation of tools also comes with its own risks. Because individuals, teams and divisions can now deploy these applications with no involvement from the IT function, it means that unapproved or unauthorised software is sometimes being used for work purposes. Because individuals may be using some of these tools already in their life outside work, the decision to use them in the workplace feels natural.
This unapproved use of tech – often called “Shadow IT” – is a common problem. How should digital teams help to tackle the risks?
What are the risks of Shadow IT?
Often the use of Shadow IT is perfectly understandable. Employees need to get things done and want to use the best tools possible, but it does present a risk for several reasons:
- Applications used may not have the right level of security to meet enterprise needs. Tools designed for consumers with sensitive data in them may present more of a risk for critical data breaches.
- Information and content stored in cloud-based systems may still be left after an employee leaves a company, and it may never be removed. This means there may be sensitive data stored in the cloud which organisations have no awareness of and no ability to control.
- Applications outside the scope of IT may not have important information policies applied to them for example relating to password formats or GDPR. Again, this makes organizations vulnerable to data breaches.
- Too many alternative systems can limit the use, adoption and value of fully-approved systems. For example, it might be hard to push Microsoft Teams when everybody is using Slack.
- Use of alternative systems will not feature in any enterprise search efforts.
Why do employees use Shadow IT?
Reducing the levels of Shadow IT isn’t always straightforward. In practical terms, it’s very difficult to completely prevent an employee using an unapproved application if they have their mind set on it. IT departments also have little clout to be able to tell employees to stop.
The most sensible and sustainable approach is to try and positively influence employee behaviour so they stop using Shadow IT because they understand the risks and can find an “official” tool in the digital workplace that meets their needs. This is challenging when your workforce is diverse and where you have an organisational culture where employees don’t like being told what to do.
To try and work out the best way to positively influence the behaviour of employees we need to understand why employees use Shadow IT. Typical reasons include:
- Employees can’t easily access particular services, content or documents on a mobile device or outside the company network, so they resort to alternative approaches.
- Employees can’t access tools to collaborate easily with team members or externally outside the company.
- Processes to install an application take too long or are too complex and it’s easier for employees to act themselves.
- Individuals or teams are particularly keen on using a specific application, but it is not offered by the company.
- Employees want to try or use a new application or type of application to meet an emerging need, but it is not yet part of an official digital workplace.
- People are simply not aware that use of application is not allowed or discouraged.
- Employees needed to get something done urgently and the best resolution of the task was through using an application or service not offered by the digital workplace.
- Local offices or recently acquired companies use legacy or different systems where the extent of central IT governance is unclear.
- The use experience of the ‘official’ digital experience is so poor -such as slow loading pages or confusing interfaces – they use alternative solutions.
Why a strong digital workplace is the best approach to tackle Shadow IT
Employees predominantly turn to Shadow IT when the existing digital workplace doesn’t offer them a better or more viable alternative, or they are not aware that it does. Therefore, the best approach to tackling shadow IT is to offer a compelling digital workplace wrapped around a strong employee experience, that provides the tools that allows users to:
- Get things done easily and quickly.
- Find what they need.
- Communicate and collaborate with employees and even externally.
- Work at any time, from anywhere and from any device.
- Meet emerging needs.
A great digital workplace not only reduces the need for employees to use alternative solutions but also provides a solid reason for why employees shouldn’t be using a particular tool. It’s very difficult to tell an employee not to use an application if there isn’t a viable alternative provided.
Approaches to consider
If you are setting up a digital workplace, and one of it’s aims it to reduce Shadow IT, here are some approaches to consider:
Establish robust and clear governance
At the centre of a successful digital workplace is robust governance. Having clear rules about what IT is authorised and why, is essential for tackling Shadow IT. If there isn’t clarity about what is unauthorised it is very difficult to tackle the problem. Governance is a huge topic in itself and covers various different factors such as data security, GDPR, branding, compatibility, value, cost, ability to provide effective support and more.
Based on your governance structure then appropriate measures need to be put in place, for example locking down some tools and making others available. At the same time robust governance also needs to not be so stringent that it limits employee’s abilities to be perform their role, be creative or innovate.
Drive adoption of particular tools with guidance and support
Reducing Shadow IT is all about driving adoption of preferred, official tools. There are many ways to do this including providing guidance and support, particularly through peers and champions networks, but also encouraging and highlighting use through integration with your intranet. This is a successful approach we often see with our Wizdom customers who wish to encourage use of Office 365 tools.
Drive awareness of cyber risks
Employees need to be aware of the risks of Shadow IT. Looking at the very real threat of cyber security risks and how unauthorised applications and associated user behaviour (such as poor password management) contribute to these risks is a good starting point. Get a member of your senior management team involved to emphasise the importance of your message.
Give people choice of tools
People like to work in different ways and use a range of applications. They also have different needs where the capabilities of one tool might suit one use case, but not be so good for another. Giving people some choice over the tools they use means you can satisfy both need and preferences of users. In the digital workplace one solution does definitely not fit all.
Keep an eye on emerging tech and emerging needs
Organisations and digital workplaces are in a state of constant flux. Keeping an eye on the emerging tech which could be used in your organisation, as well as the emerging needs which might need a solution to be in place, can help to reduce Shadow IT.
Work with innovators and early adopters
There are groups of people who love to try out new tech and innovate. By actually engaging with this group and encouraging them to experiment with technology, you can help to satisfy their desire to play with the latest cool applications in a less risky way. If you’re keeping an eye on emerging tech then you can use your innovators to help define the pipeline of apps which you need to introduce into your digital workplace.
Reduce the need for Shadow IT!
Shadow IT is risk for all organisations, but it is best tackled by providing a strong digital workplace and toolset. If employees have a strong experience of workplace technology and can achieve all they need to do they are far less likely to turn to alternative solutions. Digital workplace teams can then build upon this to highlight the risks of using other systems and drive awareness of using the right tools. You can also use some of the other approaches mentioned in this article to reduce your risks.
Do you have questions on how Wizdom can help you reduce shadow IT?
You are welcome to request a product demo, where one of our digital workplace specialists can give you an in depth run down on the Wizdom solution.
The original article was published here