The Coronavirus pandemic meant “all hands on deck” for companies in the San Jose and Silicon Valley area when it came to their technology infrastructure.
Businesses had to quickly adjust operations to make it possible for employees to work from home, and if they didn’t already have them, put new cloud solutions in place.
For many, this was done a bit haphazardly because they didn’t have pre-established policies in place. Policies that would address questions like:
- Do employees use their own computer or take home their work PC?
- How are employees to communicate with customers from home?
- How will network connections be secured?
In the rush to transition to a fully remote workforce, cloud services may not have received the vetting they normally do, and some that employees started using to do their work might not even be known by the company or their IT team.
Shadow IT is an issue that companies have always dealt with, but the COVID-19 crisis has made it a much bigger problem.
What is Shadow IT?
Shadow IT is when employees use a technology tool without the knowledge of their company’s in-house IT team or IT provider. Sometimes it’s without knowledge of management as well.
It’s not necessarily done in a nefarious way, but usually is because an employee begins using a certain program on their own as a way to get their job done without realizing the security impact it can have on their organization.
It’s projected that in 2020, 1/3 of all successful security breaches will happen via shadow IT applications.
A program that’s considered shadow IT could potentially be something an organization ends up using. But the problem is that it’s being used without going through proper vetting. When a program is used without being reviewed by your IT team, it can cause:
- Data security issues
- Excessive cloud subscription costs
- A disjointed IT infrastructure that’s not all working together and sharing data
How to Successfully Address Shadow IT Problems
The Coronavirus pandemic has caused a big issue with shadow IT for a few different reasons.
One is that many employees began working on their own computers and using those to access work products. These computers had software on them already that may be unsecure and that employees could have begun using because they did not have the software they normally used at the office.
Another reason is that a company may not have had a specific cloud tool that was needed to keep the office going remotely. So, employees had to do the best they could with the tools they could find.
80% of employees admit to using cloud applications at work without IT department approval.
To prevent shadow IT from becoming a major efficiency and security issue, here are several tips for how to address it.
Put an Approved IT Policy in Place
Before you can instruct your employees on the handling of software and applications they may want to use, you need to have a policy that provides them with guidelines.
Include details in your IT policy, such as:
- Which applications employees are allowed to use
- Why it’s not okay to use IT outside of the approved programs
- How to request that a specific program be approved for use
- Consequences for using non-approved applications for business data
Invite Employee Input on Their Work Tools
If you just come out and tell employees they can’t use the software they’ve been using that’s outside your approved programs list, you’re bound to cause some negative feelings.
Keep in mind that employees may have been doing the best they could due to the COVID-19 circumstances, so make your addressing of shadow IT a win-win.
Ask for employee input on what tools your company should be using and explain that you need to integrate your systems so everyone is on the same page with secure platforms that are all vetted properly.
Use a Cloud Application Security Platform
One way to get a handle on the applications your employees are using AND have them reviewed to see if they meet your security and compliance needs is by using a cloud application security platform. These are also known as Cloud Application Security Brokers (CASB).
Tools like Microsoft Cloud App security can alert you to any shadow IT being used for your business processes and also help you identify how risky it may be, so you can effectively choose to stop use or add it to your approved programs.
Another benefit of using a CASB is that it can ensure a data security policy that is applied to a file in one cloud application is carried through when that file is moved to a different app. This helps strengthen security and can improve compliance across your cloud app infrastructure.
Do You Know All the Applications Your Employees are Using?
Many companies are surprised at how many unsanctioned shadow IT applications are being used by employees. GEEK911 can help you put procedures and tools in place to get your business processes secure and under control.