Times have changed, and things are continuing to evolve in large part due to the coronavirus pandemic. As you continue to adapt to changes caused by the coronavirus, it's important to remember that Shadow IT still exists -- and it's never been more prevalent.
But first...here’s a quick recap on how we're defining Shadow IT.
Shadow IT is a term that refers to Information Technology applications and infrastructure that are used by the employees without the knowledge or approval of the business's IT department. For a small business, the "IT department" is likely to consist of an outsourced Managed IT Provider and/or the business's leadership. For more on this, check out our blog, Your Business Has Shadow IT. Here's What To Do About It.
This is how it's impacting your organization:
When employees or departments deploy programs like Dropbox without the IT Department, their intention is typically to add functionality without jumping through the hoops of management and IT people. Why is this bad? Your staff is adding complexity to your business and introducing solutions that have not been vetted. If you’re in a regulated industry, storing data in Dropbox free is a breach. If this employee leaves, and there’s proprietary company data in a Shadow application such as Dropbox, how is this data getting transferred over to their manager? The IT Department has to go into investigation mode and waste time retracing the steps of a rogue application choice. It’s more risk and costs for the employer in the end.
Why are we seeing an increase in Shadow IT currently?
Shadow IT is becoming more prevalent right now because most employees are working from home due to COVID-19. While working remotely, employees download and sign up for cloud software without the IT Department's support due to a lack of supervision, written protocols, and controls. They're likely not being provided with all the solutions required to adapt to a work from home arrangement, so they're empowering themselves based on a quick Google search.
With so many employees working remotely, the prevalence of Shadow IT risks is heightened. Many employees are initiating services that are free during the pandemic. In just a short time from now, they'll be asked for a credit card, and potentially valuable and proprietary company data will be locked up in an un-vetted solution unknown to the IT Department.
What can your business do about Shadow IT during the coronavirus?
- Revisit your Acceptable Use Policy with your employees and make it clear that Shadow IT is prohibited.
- Provide employees with a clearly updated protocol (in light of remote work due to COVID-19) for requesting solutions and software for the IT Department's consideration. This should be a purely remote/online process so employees can utilize it while working remotely.
- Have a formal process for how your IT Department is vetting potential business solutions. The process should be managed by the IT Department and include the following: cost-benefit analysis, risk assessment, and a review of how it may impact the existing environment.
- Work with an IT Company and request they monitor for Shadow IT among all remote work and in-office employees.
PK Tech Can Help
We know times are changing. Our team is committed to staying ahead of our business customers' needs and staying attuned to the heightened risks that come with coronavirus and remote work. We are well versed at helping your IT department consolidate Shadow IT, manage risk, and develop timely solutions.
If you have questions about how to better handle Shadow IT in your organization during the coronavirus pandemic, or if you’re interested in getting a quote for PK Tech services, we’re here to help. Contact PK Tech here.