Shadow IT is looming.
While most organizations likely realize that they have a problem with shadow IT–apps, devices and the like used without company knowledge or approval–chances are, they’re underestimating just how pervasive shadow IT is.
In a new piece for SecurityBoulevard.com, author Tracy Hernandez argues that shadow IT is here to stay and that enterprises are better off accepting its existence and working with it than they are trying to quash it altogether.
“In today’s world,” Hernandez says, “shadow IT is a fact of life, so instead of fearing and fighting for control of it, IT admins need to admit its presence and form a symbiotic relationship with it.” Because users will continue to use technology that’s convenient for them, Hernandez argues, it’s better for admins to be realistic about unauthorized app and device usage and do what they can to mitigate security threats.
As for how to actually proceed, Hernandez recommends educating users, building better technology solutions, and striving for better visibility into shadow IT usage as just a few of many ways to mitigate the threat.
From our perspective, we agree with Hernandez in some ways and disagree in others. It’s true: in all but the most extreme corporate environments, there is some level of unauthorized IT usage, even if it’s something as simple as DropBox. And there’s no doubt that being realistic about that type of usage is the first step towards ensuring you don’t fall victim to a serious security breach.
That said, the story doesn’t end there. Hernandez suggests that better-fitting technology can help alleviate issues. We’d go even farther and say that a great deal of shadow IT usage can be mitigated or reduced by having a proper EMM solution in place. Employees want technology that helps make their jobs easier, so to the extent that you’re able to build out tools that accomplish that goal, you can make a big dent in employees seeking unauthorized workarounds.
At the end of the day, we think the best answer lies somewhere between the two extremes. While it’s unlikely that you’ll be able to rid your organization of shadow IT entirely, we don’t think that means you should let it run rampant, either. Taking steps to ensure employees and other stakeholders have the tools they need to succeed, and educating them on how they might be a threat to security if they use workarounds, is a happy medium that should put you in a better place.
So: what’s your shadow IT situation?