When bad things happen in the world of information technology, it’s not always the result of bad actors or bad intentions. In fact, the most well-meaning people can wreak havoc on your company’s data and systems — without any idea they’re doing it.
It’s a phenomenon known as Shadow IT — a name that symbolizes the sneaky, subversive way software-as-a-service platforms and cloud-based subscription services can enter your organization and, in the process, expose your business to unchecked third parties.
Shadow IT has emerged in part because employees have grown accustomed to the ubiquity of technology and applications that make their lives easier, more streamlined and more productive. Increasingly, they’re looking to adopt those tools in the workplace and bring that heightened efficiency to their work life, too. And when all you need is an email address and a credit card to do it, it’s easy to sign up for new systems without securing approval from your company’s IT leaders. In fact, 40 percent of all IT spending at a company takes place outside the IT department, according to research from the advisory firm CEB.
The problem is, that pushes technology downloads and installations into the shadows. Businesses are left in the dark. And with that comes risk.
Third-party applications typically require access to data to perform their core functions. If you don’t know what’s being downloaded, you don’t know what data is being accessed and, just as important, who has access to it. Although some employees may have the necessary technological insight to make informed decisions on behalf of the company, others may not.
That can create serious problems for the organization as a whole. In 2016, research giant Gartner predicted that, by 2020, a third of successful attacks on enterprises will be on their shadow IT resources.
External data breaches aren’t the only concern associated with unsanctioned data sharing; shadow IT also makes companies vulnerable to internal theft. An employee could use cloud storage programs to abscond with customer databases, intellectual property and other assets critical to basic business operations. If company leaders don’t know the cloud storage program is in use, they also won’t know they’ve been duped.
Then there’s the issue of compliance: If you work in highly regulated industries, there are rules associated with sharing files, documents and records. When you don’t know what technological resources have access to those documents, you run the risk of falling out of compliance — which is a risk most businesses can’t afford to take.
In addition to security concerns, there are also issues related to cost. SaaS platforms and applications don’t come for free. Most operate on a subscription model, which can lock your business into a set rate for a pre-determined period of time. And while the price may seem right for the employee who wants to use it in his or her work, it may not be for the business.
There are important questions that should precede any technological investment: How many people stand to benefit from the service? How long will you need it? Does it provide a service you’re already getting from another platform? If these downloads aren’t being tracked, chances are, no one is asking these questions before the moment of purchase. And that means your business could be spending more than it should be.
Lastly, there’s the question of efficiency. That’s the overarching goal of any SaaS platform you bring into the business, but how can you track that to measure your return on investment? An employee may download an application, access it once and then never use it again — leaving the business to pay for something it’s not using. One department may sign up for a service offered through a particular provider, while another department chooses a competitor. Then the company is stuck paying for both, while your business is relying on different systems to solve the same need.
Given all of that, it’s tempting to lock everything down and limit external downloads to just a few key members of your team. But that, too, comes at a cost. You want to arm your employees with the tools they need to be effective and productive in their jobs. You also want to empower them to find systems and processes that make the business more efficient.
So, what do you do?
You don’t have to limit external platforms to track their presence in your business. In fact, in its article talking about the risks posed by shadow IT, Gartner concluded that shutting it down isn’t the answer: “Companies should find a way to track shadow IT and create a culture of acceptance and protection versus detection and punishment,” the article states.
Instead, you can access a service like SaaSTrax to monitor what systems are being used, who in your organization is using them and how much it’s costing you. It’s a system that pulls IT out of the shadows and gives you the information you need to investigate applications, gauge their effectiveness and determine whether they are worth the continued investment.
And here’s a side bonus: When you have insight into how your employees are trying to use technology, you can gain a better understanding of their needs and preferences, which is critical to building a healthy, thriving team moving forward.
You can pull your IT out of the shadows without locking down your entire business. And you can reap multiple benefits as a result. At SaaSTrax, we can help. Sign up for a free trial to see how we can help take the risk out of your IT investments.