Data privacy is high on the minds of businesses and consumers alike, as society at large is getting wise to the potential dangers that even seemingly innocuous apps (e.g., FaceApp) might expose them to. That’s why it’s critical that enterprise IT teams put an emphasis on establishing realistic Internet use and network policies to help curb potential threats that could put their networks on ice.
Enforcing these policies, however, is easier said than done.
This is especially apparent when considering Gartner’s estimates that anywhere between 20-50 percent of enterprise app spending takes place without IT’s knowledge or consent — aka, shadow IT.
The rise of shadow IT mirrors the rise of SaaS in the enterprise generally: Tools and workflows that are delivered “as-a-Service” are by design easier to deploy and more cost-effective than on-premise solutions, which has been a boon for enterprise IT as its role has shifted in recent years from IT “cost center” to a more service-oriented operation.
The primary concern with shadow IT historically has been that when users bring unauthorized apps onto the network, IT is blind to potential dangers that these tools might introduce; namely, data leakage and falling out of compliance with privacy regulations like SOC 2 and GDPR. More often than not, however, shadow IT isn’t conducted with bad intentions on the part of the end user. Instead, it often comes down to a matter of preference: Some teams might like Zoom, for instance, but are only approved to leverage Citrix GoToMeeting or Google Hangouts.
That said, it’s not just the threat of malware that should have network teams concerned about shadow IT. When this practice is on the rise, it’s usually a response to growing dissatisfaction with the policies and tools in place. Moreover, users may be to blame for their own dissatisfaction when non-approved apps soak up network capacity planned for approved tools, degrading the performance of both in the process.
This should all prompt enterprise IT to rethink its approach to network and app management, including (and perhaps especially) how it decides which apps get network capacity in the first place.
Get the lay of the land
As the name implies, shadow IT happens when network teams don’t have visibility into every tool leveraging network capacity. It’s more than just an issue of malware hiding in the shadows; it’s also seemingly standard SaaS and web services that do not meet security and privacy compliance standards.
Teams also need to have a virtual census of all the applications populating the network to evaluate how non-critical tools (or alternative apps) are impacting the performance of the dependent solutions that are most important to business. Having an understanding of employee habits and preferences versus what’s prescribed by company policy can help inform IT teams on how to better plan network capacity.
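One way to take such a census, as an added example that is not part of the original article: it aggregates egress records per application, marks each against an approved list, and reports how much capacity unapproved tools consume. The log format, the hostnames and the allowlist below are constructed assumptions; substitute your own proxy, DNS or flow export.

```python
from collections import defaultdict

# Assumed allowlist: approved host suffix -> app name (hypothetical policy).
APPROVED = {"hangouts.google.com": "Google Hangouts", "gotomeeting.com": "GoToMeeting"}

# Constructed sample records: "timestamp user destination_host bytes".
SAMPLE_LOG = """\
2019-08-01T09:00:02Z alice hangouts.google.com 4200000
2019-08-01T09:00:05Z bob us04web.zoom.us 9800000
2019-08-01T09:01:11Z carol us04web.zoom.us 7600000
2019-08-01T09:02:40Z dave global.gotomeeting.com 3100000
2019-08-01T09:03:09Z bob files.example-share.test 5300000
malformed line without enough fields
"""

def app_key(host, approved=APPROVED):
    """Return (grouping key, approved?) for a destination host."""
    host = host.lower().rstrip(".")
    for suffix in approved:
        if host == suffix or host.endswith("." + suffix):
            return suffix, True
    # Naive last-two-labels grouping; production use needs the Public Suffix List.
    return ".".join(host.split(".")[-2:]), False

def census(log_text):
    """Aggregate bytes and distinct users per app; count unparseable lines."""
    apps = defaultdict(lambda: {"bytes": 0, "users": set(), "approved": False})
    skipped = 0
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[3].isdigit():
            skipped += 1  # keep a count so gaps in visibility are not silent
            continue
        key, ok = app_key(parts[2])
        apps[key]["bytes"] += int(parts[3])
        apps[key]["users"].add(parts[1])
        apps[key]["approved"] = ok
    total = sum(a["bytes"] for a in apps.values()) or 1
    report = [{"key": k, "approved": a["approved"], "users": len(a["users"]),
               "bytes": a["bytes"], "share": round(a["bytes"] / total, 3)}
              for k, a in apps.items()]
    return sorted(report, key=lambda r: r["bytes"], reverse=True), skipped

def unapproved_share(report):
    """Fraction of observed bytes going to apps outside the allowlist."""
    total = sum(r["bytes"] for r in report) or 1
    return round(sum(r["bytes"] for r in report if not r["approved"]) / total, 3)

if __name__ == "__main__":
    rows, bad = census(SAMPLE_LOG)
    for r in rows:
        print(r)
    print("unapproved share:", unapproved_share(rows), "skipped lines:", bad)
```

Sorting by bytes puts the heaviest consumers first, which is the view capacity planning needs; the skipped-line count shows how much traffic the census could not classify.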
Conduct a performance “pulse check”
Once IT has gotten a sense of all the apps leveraging the enterprise network, teams now must use their learnings to explore what existing policies/solutions are working, and where there is a need for improvement. Perhaps that team that abandoned Google Hangouts for Zoom was onto something, for instance, and the whole company would enjoy a different collaboration tool.
IT can also explore whether approved tools are being abandoned because of a deeper performance issue that IT might not have been aware of. The network team could then take steps to remedy this chronic issue and get all users back on the same page.
Put newly gained insights to work
All of these steps are in the overall service of giving enterprise IT the visibility they need to successfully do the overarching job of managing and monitoring the network. With this visibility, and with the new insights gained, IT can more easily spot signs of hazardous shadow IT and drive the success of their network policies.
This doesn’t necessarily mean dedicating manpower specifically to policing end users and taking them to task. Instead, teams need to employ lightweight solutions (low bandwidth, so production app performance is not affected, and low overhead for IT to manage) that can deliver insights in near real time.
Once armed with active and passive visibility across the enterprise network, IT can start building bridges between themselves and the users or departments that turned to shadow IT in the first place. That way, end users and network teams can approach the company’s tech stack collaboratively, recommending new tools or taking a proactive approach to remedying performance issues.