Few phrases in the enterprise are as polarizing as “shadow IT.”
Shadow IT, which refers to the use by employees of apps or devices that are not sanctioned by the company, is widely debated. Some security professionals view shadow IT as an unavoidable reality; others fiercely contest it and view it as a serious security risk. The explosive growth of mobile device uses—from Apple Watches to smartphones and everything in between—has only made the issue more difficult to navigate.
In a recent piece for CIO Online, writer Clint Boulton calls attention to a team that embraces shadow IT. Matt Bartholomy, senior manager for information security at Western Union, argues that taking away tools that aren’t sanctioned but are only moderately risky makes it more likely that users will be pushed towards solutions that are very risky. Western Union uses a mix of company- and employee-led solutions, and tracks unsanctioned cloud apps, in order to ensure employees have everything they need while keeping things as secure as possible.
Part of Western Union’s approach to shadow IT is a tactic we’ve mentioned before as one that can help combat it: holistic enterprise mobility solutions. Developing and deploying a comprehensive mobile application management solution, we’ve argued, puts you in control of the mobile narrative by giving employees app options that are within the scope of IT’s control. When employees can get most or all of the tools they need straight from the company, there’s not as much benefit to using unsanctioned solutions.
Of course, this approach only works when the mobility program is executed well. Nothing drives users towards shadow IT like a company app or tool that functions poorly. It’s only when a mobile app solves a key business problem or makes employees’ lives easier that you can expect them to embrace it. If it’s frustrating or doesn’t work as expected? Hello, shadow IT.
Though we won’t pretend that a comprehensive mobility solution is a silver bullet for eliminating shadow IT usage, we have seen such solutions make a significant impact in companies that deploy them. In our view, anything that helps move employees away from unsanctioned technology usage is a good thing.
The shadow IT question is a difficult one, particularly in today’s environments which are more complex—and have more users, devices, and applications—than ever. There’s no denying the convenience of popular apps like Dropbox and Evernote, but there’s also no denying that their unsanctioned use is a security risk. At the end of the day, determining how much risk is acceptable is up to you and your security team.
So: what do you think? Should businesses embrace shadow IT, or should they crack down on unsanctioned apps? Let us know in the comments—we’d love to hear your thoughts.