How do organizations manage shadow IT risks without stifling innovation?

Published: Thursday, 12 November 2015 09:21

In this article David Meyer examines the significant benefits but increasing risk of a shadow IT culture. He explains what an organization as a whole can do to gain control over this trend…

Shadow IT is a very real issue facing businesses of all sizes today; it encompasses every aspect of a business.  This includes day-to-day processes that employees use to complete tasks, right through to the management of IT systems. Gartner expects that by 2016, 35 percent of enterprise IT expenditure will go on shadow IT resources. While organizations are aware of the trend, they often don’t appreciate the scale of it.

With the vast volume and variety of applications that are working their way into the IT ecosystem, businesses and their IT departments are overwhelmed. Cloud applications have become so easily accessible (all workers need is a credit card) that the IT department is often ignorant of their existence. In fact, as little as 8 percent of both small and large IT companies can say they have a good understanding of the number of unmanaged cloud apps used internally by their organization. More apps expose more data, and the IT department struggles to remain compliant. Although the desire to control applications is not going to disappear any time soon, it shouldn’t restrict the innovation that shadow IT presents to organizations willing to embrace it.

There is a question here of innovation versus risk. As the ‘millennials’ begin to enter the workforce, they bring high expectations for their working environment.  Today there is a huge gap between what they expect and what they get. To attract and retain tomorrow's workforce, organizations must adopt innovative technologies which support mobile working. By allowing loosely managed innovation, new solutions that will benefit the wider business can be found.

The reality is that employees like open ways of working because it enables them to do their jobs quicker, more competitively and with better results. However, with every staff member from HR to marketing working independently from the IT department and using various applications, to store, sync and share content, the company incurs extra risks. Shadow IT can become a security nightmare. So how can IT empower the business while protecting corporate data?

In order to bring down the defensive barriers and take the worry out of embracing new applications, the IT department should embrace solutions such as identity as a service (IDaaS), multi-factor authentication and user provisioning, which will allow them to keep the benefits but eliminate the risk. Allowing employees to freely use applications not only minimises the drain on IT resources but increases productivity and employee engagement, which helps the business, and also helps the business compete for talent.

With this in mind, organizations must ensure they embrace the many beneficial aspects of shadow IT (empowering employees), while empowering IT teams to ensure these new systems are secure and compliant. With systems such as identity and access management in place, harmony can be achieved between these needs, combining business speed with operational excellence.

The author

David Meyer is VP of Product at OneLogin.