When someone at your company uses technology without formal approval (or without telling anyone), it's called Shadow IT, and presents security risks. If you have an information technology department, it means that your other employees are using technology that isn't being managed by your resident tech experts - which means they have no control over it. This could be something as simple as an employee using Slack instead of Skype for Business to chat with a coworker, or something more risky like sharing a file externally from a personal Dropbox account. It could also mean unmanaged technology, like using a personal laptop instead of a business computer for work purposes. With an increase of cloud-based software, there's also an increase of employees implementing their own technology solution - without involving the information technology department or management.
Other than flat-out asking employees what technology solutions they've used (spoiler alert: you should), it can be a challenge to identify Shadow IT applications. While statistics vary, it's estimated that 40-50% of IT solutions are implemented outside the knowledge of IT management. IT professionals (like us!) are able to utilize industry tools to audit what programs are installed locally on a computer, as well as tools to see what online applications have been registered under the business email domain and stop shadow IT from happening in your company.
Why it's worth looking into
Most companies we work with have no idea these types of behaviors, shadow IT, are happening within their company. A lot of companies don't even think this is a big deal unless it's affecting the bottom line, so our job is to convey the risks around Shadow IT practices:
With free file-sharing tools like Dropbox and Google Drive, it's easy for an employee to take your organization's files from, say, a network drive, and share it with whomever they choose. While this is hardly ever malicious behavior, it can cause real security risks if the documents being shared contained payroll or client information. Additionally, if an employee uses his or her personal laptop, your company's data is only as secure as their personal virus or malware protection. No one really likes to think about security until something bad happens, but it can be really ugly and expensive for an organization to repair something that would have been easily prevented.
So if you've implemented Microsoft Project as your business-wide project management tool, what happens when an employee decides to use something different, like Trello? What happens if another employee likes Asana best? While these are all great solutions for project management, if each employee utilizes something different, there is no centralized line of communication. How will the rest of your team know a deadline has changed if they're not using the software it's been updated in? Critical communication like this is lost when effective solutions are implemented ineffectively.
Let's keep using the example of the employee who uses his personal Dropbox to share files. What happens when he quits? You have no access to the files he's stored on his personal account, and his former coworkers now have to recreate the document (at best) or at worst, that employee left on bad terms, and now you have a security breach on your hands.
Like the siloed communication example above, your employees' productivity can quickly drop when Shadow IT is used. What happens when a third of your office uses Slack to communicate, but the rest of them use RingCentral? Or you have half your employees using Dropbox, and the other half using Sharepoint? It means that there is no one central source of information, communication, and documentation, and the time your staff used to spend crossing items of their to-do lists is now used to chase the items they need to do their jobs. In a 2015 study, business leaders indicated unified technology solutions would increase revenue by about 36% from added productivity. When is a 36% increase in revenue bad, exactly?
So what can you do?
The best way to solve a problem is to prevent it from happening in the first place. Here's how you can solve and prevent Shadow IT use:
While numerous risks exist with Shadow IT, the silver lining is that your employees are identifying solutions and using them. That means they're innovative, invested in their work, and are thinking outside the box to get the job done. The best way to prevent a Shadow IT situation is to simply ask your employees what they need, and then listen. A huge part of identifying a solution is correctly identifying the problem, and there's no one more qualified than the employee who encounters that problem everyday. For example, if a large percentage of your employees started using an alternative file sharing platform on their own, perhaps your current solution just isn't checking all the boxes you thought it did. If your employees are electing to use their personal devices for work, perhaps it's time to upgrade your technology to make their work more efficient. Listening to the people doing the work and investing in their ideas fosters stronger relationships, and makes your staff feel heard.
If you have security and technology standards in place (another spoiler alert: you should), communicate them well, and often. In a 2012 study, the primary reason employees didn't comply with technology standards was a lack of awareness. They either didn't know what the standards were, or didn't understand what the standards meant for the tools they were using. Set clear standards from the start about the tech you're using, and then re-evaluate those tools regularly because your business needs will definitely change over time.
Check with the experts
Technology can be a huge undertaking. But if you do it right, you can increase productivity, efficiency, office morale, and probably your bottom line. Doing it right means evaluating systems that will scale with your business, integrate with your other tools, and make sense for your employees and your industry. You want more than just a single internal IT person to do this, so checking with the experts (let us know if we can help!) is the best course of action if you're not sure what direction to pursue.
Over time, it gets easier to both prevent and remedy Shadow information technology problems if you maintain good standards and have clear communication. That way, the only rogue operations you'll experience are the ones you'll hear about over a nice turkey dinner!