3 Tactics to Get Shadow IT Under Control

Shadow IT

Written by David Berman


Go Beyond Cloud Discovery to Get Shadow IT Under Control

3 tactics to get shadow it under control

These days, the question of what to do about shadow IT is a pressing one for every organization that handles sensitive data, whether that data is linked to corporate IP or customer CCs. Shadow IT is a growing trend in the enterprise, and the vulnerabilities employees create when they adopt cloud apps outside of IT’s control can lead to serious data breaches. That’s why a number of cloud security vendors, including CipherCloud, now offer tools to discover shadow IT applications. But discovery is only the first step towards locking down sensitive data. What you do once you discover your business’s shadow IT apps is even more crucial. Here are three steps to take once you’ve discovered the unsanctioned cloud applications your employees are using.

  1. Understand what’s driving shadow IT adoption

For many organizations, the knee-jerk response to discovery of shadow IT will be to shut it all down and implement strict rules against future cloud application use. While such a response is understandable given the serious risks that shadow IT incurs, this approach will only cause more shadow IT adoption down the line. That’s because employees aren’t turning to unsanctioned applications out of spite. Shadow IT adoption in the enterprise indicates dissatisfaction with IT-sanctioned solutions. If you want to get shadow IT truly under control, you must understand why employees adopted it in the first place. Look at which types of shadow IT application are most common at your business and work to understand what needs they’re filling. Widespread use of a file sync and share service like Dropbox, for example, is most likely a symptom of issues with corporate file sharing systems.

  1. Plan to replace shadow IT with secure enterprise cloud adoption

By this point, you should have a clearer idea of which shadow IT applications employees are using and, more importantly, why. Armed with that information, you can now take steps to prevent the shadow IT problem from recurring—not just through a ban on future adoption, but through the enablement of secure alternatives that will satisfy the employee needs your legacy IT solutions weren’t meeting. The cloud, after all, isn’t going anywhere. The question isn’t whether your organization will end up adopting cloud computing, but rather when and how, and the more control you have over the when and the how, the safer your sensitive data will be. Seek out cloud applications built and secured for enterprise needs and plan to further protect your data by integrating your new cloud applications with a cloud data protection portal that can apply encryption or tokenization to data on the fly, based on your organization’s policies.

  1. Prevent future shadow IT adoption by educating your employees on safe cloud use

The last piece of the puzzle is your workforce itself. While some employees do adopt shadow IT with full knowledge of its risks and the fact that the solutions they choose may violate corporate policy, many other shadow IT users aren’t as aware. As you transition to secure cloud enablement, plan to educate information workers on the dangers of shadow IT. Also consider implementing a system that will encourage employees to communicate any issues they are having with your organization’s IT solutions so that you can keep an eye on problems and address them proactively in the future.

Shadow IT is a serious problem at many organizations, but it doesn’t have to be an unsolvable one, and it certainly doesn’t spell the end of cloud use at your enterprise. Use the discovery of shadow IT as a tool to assess and address your employees’ IT needs. Your cloud data security may depend on it.

Ready to learn more about taking control of cloud applications and shadow IT? Download our free eBook, “Beyond Discovery: Cloud Data Protection,” today.