How To Help Your Clients Prevent Shadow IT

By James Brown, Chief Architect, JumpCloud

Shadow IT, information-technology systems and solutions built and used inside organizations without explicit organizational approval, can be lurking in any company’s infrastructure. In today’s modern cloud era with easy-to-leverage applications and devices, the IT department —or you, as an IT solutions provider — can very easily lose control. The days of dictating what employees can and cannot use for mobile devices and applications are largely over. Fundamentally, preventing shadow IT is about creating a sense of change in how the IT team is viewed within the organization. If the IT team can be viewed as a partner in helping employees to be more productive and keeping them safe from external and internal threats, there is less incentive to work around them.

As the workspace culture changes, the goals for IT also need to change to ensure that employees and IT departments continue to work together effectively. Rather than focusing on control, IT should turn its focus toward enablement. Employees today are independently searching for ways to more effectively do their jobs. They are looking for anything from a particular type of device that can help them work faster to applications that streamline their daily tasks. Often, employees aren’t asking for permission to utilize these solutions but are moving forward on their own, opening the company up to security risks. In these situations, IT should be working to change the culture in an effort to assist employees by helping them implement the appropriate solutions more quickly and efficiently — but ultimately more securely.

While employees believe taking matters into their own hands will make solving their problems easier, they need to know that looping in IT for support will actually help in both the short and long terms. IT departments are familiar with purchasing and developing solutions and can help structure better deals and contracts more quickly based on employee needs. Culturally, IT needs to become a service organization for the rest of the company, explaining exactly what support and resources they can offer and making themselves widely available to prevent employees from going rogue.

Another way to prevent shadow IT is to improve the relationship between IT and employees and incorporate IT into actions and processes. For example, employees are always looking for ways to easily connect to all of their IT resources with the least amount of friction through single sign-on or similar authentication processes. If IT can help enable this, they will have greater insight into the potential problems as well as the solutions being used. Most employees in an organization, while savvy enough to set up their phones and apps, do not have the expertise or mandate to integrate solutions into the infrastructure as a whole. Making IT a resource available to help end users fully maximize their technology’s potential is essential to building a strong team. IT can also provide training and support, further developing the relationship with other employees in a continued effort to stay transparent across the board.

 Here are a few questions to ask employees that can help demonstrate the value that IT professionals bring to the table:

1. If you leave the company, how will others who have come to depend on tool X continue to leverage it?
2. If your credentials for tool X get compromised, how will you ensure that you can regain control of it?
3. Do you plan to provide internal desktop support for the tool, or will everyone be on their own?
4. Is there a way someone could leverage tool X to compromise our infrastructure?

These are all areas where IT practitioners can bring years of practice to improve the user experience, security, and management of tools. These are the right questions, but more jaded employees will expect that the next step is days or weeks of review and miles of red tape. Asking these questions is an opportunity to provide a very streamlined process that helps get users what they need quickly and effectively. A long review process or a pile of paperwork is the surest way to encourage Shadow IT and flies in the face of how the most agile and effective companies operate.

Sometimes despite building the right culture and process, shadow IT still persists. In cases where the problem continues, companies may need to use specific tools to uncover the issue and identify potential solutions. There is a wide variety of ways to detect whether or not shadow IT is a problem. These include determining whether non-corporate devices are on the internal network or whether employees are accessing solutions that haven’t been corporately purchased. Of course, when shadow IT components are found, squashing it is often the wrong course of action (unless there are serious breaches of security protocol). Instead, employees and the IT team should work together to integrate these tools and processes, developing a method for adopting future solutions.

The partnership between IT and employees starts with creating the right culture and ensuring that processes make working with IT highly efficient. Shadow IT doesn’t have to exist within an organization, but it will take a significant amount of work to eliminate it.

James Brown is chief architect at JumpCloud, the first Directory-as-a-Service (DaaS) company. JumpCloud securely connects and manages employees, their devices, and IT applications. Brown provides new product definition, engineering, customer support, and customer deployment architectures. His background is in system administration, software development, security, and product management.