Shadow IT is the use of IT systems and software that are not approved by the company or organization. Many employees and vendors are using third-party solutions because they think they’re easier or faster or better. There are many problems with Shadow IT, though, beginning with security issues and the ability to control the company operations. Shadow IT can directly affect the ability to use and store data – a major company asset.
Steps CIOs and IT administrators should take to address the use of Shadow IT
In most businesses, Shadow IT is much worse than the managers and IT administrators think because there is no standard way to know which Shadow IT is being used. Some key Shadow IT strategies for any company are:
- Understand why workers are bypassing the company IT. Workers often bypass the company software because it’s too hard to use. Some workers feel company technology is too hard to learn. Others feel that it doesn’t provide the tools they need and isn’t up to date. Identifying company IT flaws can help minimize the desire to use personal applications and technology. Understand which programs are compatible with others and which are not. Incompatibility can often drive a worker to another software source.
- Communicate with your workers. A first step is to analyze the current IT and get feedback from employees and customers as to the pros and cons of the various software applications. Get suggestions for what software can help the company. Shadow IT is often about workers who want to do a better job – not workers who have a negative intent. A company software survey can help.
- Make the software more accessible. Many workers, for example, complain that they must wait a long time to have their job printed out. Workers who must wait to access the computer network or the company software will turn to non-company alternatives. Often the software is not flexible enough. By giving a user more control over how the software is used, the workers may produce better and faster results. Software should be available on the road and at home as well as at the company site.
- Educate the workers about the company software applications. Many workers may not be aware that there is a company software solution they can use. Employees may not know that an application they are using has additional features that can help them do a better job. Education can be through better documentation, company classes and seminars, and more communication between employees about the tools they use to get the job done.
- Educate the users about the problems with using shadow IT. Workers should understand that outside IT has security risks. Data may not be formatted so it can merge with existing company data. There may be laws, such as HIPAA privacy laws for health records, the Sarbanes-Oxley Act, and the European Union General Data Protection Regulations that must be complied with. Workers may not know they are in non-compliance.
