Once a niche phenomenon, shadow IT—in which end users purchase and run cloud solutions without the IT department’s knowledge or involvement—is now a solidly embedded part of the corporate technology landscape.
81 percent of end users surveyed by Gigaom Research in 2014 admitted to having utilized unauthorized Software as a Service (SaaS) applications at least once. Such so-called “rogue” cloud use exposes companies to heightened security and regulatory problems, scatters valuable reporting data across information silos, makes tracking company-wide technology spending harder, and denies businesses the group discounts they can get when buying software in bulk.
Want to avoid those headaches? Experts recommend these core strategies:
Diagnose the problem
Start by analyzing log data from your firewall and infrastructure management software to determine which unauthorized apps employees are using. Then, work with business managers and their employees to understand why people are using those systems. If you listen with an open mind, you’re likely to find their answers grounded in legitimate needs and complaints.
One of the most common complaints is that going through IT for new solutions takes too long. If that’s an issue at your firm, rolling out applications faster will make going rogue less tempting. Many IT departments today are finding that “DevOps” software development methodologies, in which programmers and operations staff work hand-in-hand to streamline and automate coding, testing, and implementation, are an effective tool for building and updating home-grown solutions more rapidly.
Users often buy cloud solutions because they need functionality that officially sanctioned applications don’t offer. Closing that gap renders shadow purchasing unnecessary. If many people at your company use unapproved file sharing software, for example, deploying an approved file sharing system will get employees the collaboration capabilities they want without compromising security or central oversight.
If you can’t beat ‘em…
Rather than banishing do-it-yourself app purchasing altogether, try making it safer instead by allowing employees to download a select set of pre-vetted SaaS offerings through an in-house app store. You’ll not only give users the self-serve flexibility they crave, but free up more time for strategic projects as well by offloading some of your support and maintenance burdens onto third-party solution providers.
Enforce the rules
If providing access to approved apps is the carrot part of a shadow IT strategy, barring employees from using unapproved apps is the stick. Be sure to establish clear rules about what users can and can’t do without IT involvement, communicate those rules to the entire company, and punish transgressors rigorously. When done in combination with the other steps discussed above, it will put you well on the way to bringing shadow IT firmly under control.
A veteran writer and editor, Rich Freeman has over 20 years of experience in the IT industry. Rich was founding editor and is currently senior consulting editor of ChannelPro magazine. His work has also appeared in Redmond Channel Partner magazine and on the Web sites of Computerworld, Network World, CIO, and InfoWorld magazines.