John Parks, EVP and Chief Information Officer, Ansira
Mergers and acquisitions are often part of a company’s growth strategy. As new employees come on board, they inevitably bring along their favorite technologies. Just as the fresh nameplates hang on office doors, the IT department will be saddled with a major challenge: shadow IT.
Shadow IT refers to the nonstandardized software and tools employees use to complete company tasks. The name has an eerie ring to it, but the real danger of shadow IT is that it often leads to expensive redundancies, workflow inefficiencies, and cybersecurity breaches.
Whether you’re working with newly acquired employees, mobile or field professionals, remote workers, or company mavericks, every technology used across the organization should be approved by the IT department to ensure compliance and safety and to prevent unnecessary expenses. Here are six ways to protect your enterprise from shadow IT.
No. 1: Understand the Competition
You have to hand it to ambitious employees who want to get their jobs done and will use creativity and whatever solutions they can to do it. As the CIO of a national firm, I’ve seen many shadow IT scenarios that can cost the organization in terms of dollars and security.
Some of the most common issues include the following:
• Increased costs with multiple subscriptions: Employees buy software without formal approval and expense it. (Example: The company is funding 10 different Dropbox accounts instead of one master account with multiple users.)
• Disparate file-sharing solutions: Employees located in different cities needed to find fast ways to share files. Some employees use one solution while another group uses a different one.
• Legacy limitations: Sometimes employees are forced to find their own one-off ways to work around legacy solutions that have limited use.
• The need for better communication: When data and people are difficult to find, employees may download noncompliant apps or software to assist.
• IT takes too long: When the IT department is slow to respond or solve an issue, employees may find ways to fix the issue on their own.
Any software or tool that isn’t a company standard falls under shadow IT and immediately becomes the IT department’s competition.
The larger the company, or the looser the rules, the more prevalent shadow IT can be. Understanding the landscape of all tools and subscriptions being used is the first step in figuring out which ones could be implemented across the enterprise.
No. 2: Identify the Leaders and Tech Adopters
By engaging managers or department leaders, you can create a sense of ownership in whatever solutions will be chosen for the enterprise rollout. Take advantage of those individuals who show technological aptitude or interest. Recognize that some of the shadow IT initiatives may actually be great ideas and could spark something the corporation should adopt.
Understanding the landscape of all tools and subscriptions being used is the first step in figuring out which ones could be implemented across the enterprise
Leaders who get the chance to voice their opinions and be a part of the process for determining company standards are more likely to accept the new technologies and follow the rules. Even if leaders are located in different cities, states, or countries, it’s important to have representative buy-in across the organization.
No. 3: Establish a Single Facilitator to Drive the Change
Large companies or companies in acquisition mode may have multiple technical leaders with different agendas. To establish, integrate, and enforce IT standards, the company must align among a single technology voice. This voice needs to be communicated by a single point of contact so people know who to go to for questions, issues, and solutions.
No. 4: Identify the Right IT Solutions
Even when you know your company is dealing with shadow IT, it’s a mistake to immediately shut down all of the noncompliant software and subscriptions without a replacement plan in place. Although this means letting employees continue business as usual, it’s better to wait and enact change only once a solid strategy can be implemented.
When identifying the right IT solutions, keep in mind that each one should offer these three nonfunctional attributes:
• It must make jobs easier to complete instead of adding more red tape.
• It must be simple to use and provide easy access. Users shouldn’t need to login via VPN; the solution should support single sign-on.
• It must be secure. Access should require multifactor authentication and support the latest standards for transport layer security and encryption.
No. 5: Communicate Corporate Standards and Plan for Change
Every employee should have a clear understanding of the company’s approved technology solutions and usage rules. Ensure that the IT department clearly communicates what the standards are and provides training and guidance for usage.
Along with communicating the standards, set up a process to handle requests and changes going forward. And don’t forget feedback: Set up a way for employees to easily communicate with the IT department so they can suggest new and innovative ways to manage their work needs.
No. 6: Shut Down Subscriptions
Once the new IT standards have been implemented and you know employees have the right tools to get their work done, it’s time to shut down subscriptions and solutions that aren’t company approved. Work with finance to ensure all contracts are ended appropriately to maximize costs savings.
Shadow IT is a short-term solution that creates a long-term problem if it isn’t handled properly. The key to success is enterprise-wide consistency, training, and ongoing communication.