Turn Shadow IT into an Asset, Not a Threat

Shadow IT

Written by Michael Higashi


There’s been a lot of talk in the enterprise cloud security space around shadow IT, little of it good. Shadow IT is a problem at just about every organization. But careful discovery and evaluation can turn shadow IT from a threat to an asset. Let’s take a look at how.

Why do employees turn to shadow IT?

In order to address the risks created by shadow IT, enterprises must first understand why shadow IT has become so widespread. Shadow IT is by now in such rampant use that the very employees tasked with keeping enterprises safe from shadow IT are themselves adopting shadow IT.

At its core, the reason shadow IT has become such a problem shadow_it_assetwithin the enterprise is quite simple: it’s easy. It’s all too easy for any information worker in any department—including the IT department—to find and install a free cloud application that suits their immediate business need better than whatever solution the powers that be have approved. In many cases, the consumer-targeted applications shadow IT users are adopting tend to be more user-friendly and accessible than corporate-sanctioned enterprise solutions. Add to that the ease with which employees, particularly BYOD workers, can comingle their business and personal documents on cloud applications originally installed for personal use, and the heart of the shadow IT problem becomes clear.

The lesson shadow IT teaches

It’s obvious that shadow IT must be brought to heel. Despite all its convenience and frequently superior user accessibility, shadow IT applications create significant cloud security issues. Those concerns can’t be ignored. But as organizations work to shine a light on their shadow IT problem, they must remember that shadow IT teaches a valuable lesson: If you don’t give users the tools they need, they will easily find them elsewhere, introducing new ad hoc processes that have no corporate visibility, governance, or control.

How to turn shadow IT from a threat to an asset

Here’s where careful discovery and evaluation come in. Rather than simply rooting out every instance of shadow IT and shutting it all down, organizations must pay careful attention to which kinds of applications their employees are using and figure out why. For example, are shadow IT file sharing services common offenders? They are at many enterprises, thanks to email attachment file size limitations and the clunkiness of typical enterprise FTP file sharing systems. When you discover that a majority of your shadow IT applications belong to the file sharing category, you’ve unearthed an insight that can help you significantly improve your business file-sharing processes in future.

As you embark on your shadow IT discovery process, take careful note of the kinds of shadow IT applications you find. The insights into your employees’ needs will turn those risky shadow IT apps into definite assets in your long-term strategy of enabling secure and efficient cloud computing for the information workers at your enterprise.

Ready to learn more about enabling the cloud without sacrificing control or security? Download our free white paper, “CIO’s Guide to Enterprise Cloud Adoption,” today.