Shadow IT and dark data are challenges that IT teams would like to forget. They put the organization at risk of losing confidential or private data that could damage its reputation and breach compliance regulations. Shadow IT also creates a fragmented environment that does not meet corporate standards and can be time-consuming to support if users encounter problems.
While shadow IT is perceived as a growing problem, it also gives IT an opportunity to deal with it by aligning resources more closely to the needs of business users. By bringing shadow IT into the corporate fold, IT can help drive improved business results and minimize risk to the organization.
Data at Risk
Shadow IT has similarities to the BYOD movement that saw a transformation of mobile management practices. Instead of using their own mobile devices for business, users are downloading and using cloud applications and services that are not authorized by IT.
In both cases, it is the business data used on mobile devices or in unauthorized applications that poses the risk. Without the protection of corporate security policies and measures, the risk of data breaches or loss is high.
There are also potential problems for users. If they adopt unauthorized applications, they may not have access to support from the vendor and they may not be able to obtain it from their own IT department.
If they do approach IT, the team may have to allocate additional resources or divert resources from other more important tasks. That could prove time-consuming with Gartner estimating that shadow IT management represented around 35 percent of IT expenditure in 2016.
Shadow IT Growing
Shadow IT appears to be a growing trend, according to research by Spiceworks which found that 80 percent of respondents reported shadow IT in their organization. The figures for dark data are also cause for concern. Research from Veritas Technologies indicates that some 20 percent of respondents use personal devices to carry business data, and 65 percent use sync and share devices that are not approved and protected by IT.
The growth in shadow IT is partly due to users’ perceptions that corporate applications and services don’t meet their specific needs, while cloud applications are easily accessible, with or without IT’s approval. Frustrated users who adopt a do-it-yourself approach may be satisfied that they are meeting their needs, but this approach is risky and needs to be resolved.
Meeting Users’ Real Needs
Commentators recommend that IT takes a more proactive role, recognizing that users may have unfulfilled requirements and working with them to develop solutions that meet the business need and comply with IT’s management and security standards.
That requires greater cooperation between IT and the business to identify needs and meet them. Reviewing the types of unauthorized applications that come to light through support requests can help create a ‘wish list’ for application and service development.
Holding workshops or one-to-one sessions with users can also help identify and prioritize development requirements. It is also useful to put an education program in place to highlight risks and reinforce the importance of compliance with company security policies.
Return Control to IT
Both approaches can help to reduce the risks or even eliminate shadow IT and give IT the security and control it needs to protect the organization and deliver greater value to the business.