According to a recent study by security specialist McAfee (“Cloud Adoption and Risk Report 2019”), 21% of files hosted in the cloud contain sensitive data, while the actual sharing of such files has increased by no less than 53% in a single year. Even more striking – and worrying perhaps – is the finding from another recent study, sponsored by McAfee but conducted by Frost & Sullivan, that 80% of employees admit to already having practiced shadow IT, either because their department has chosen and adopted a solution without consulting their IT staff or, just as easily, by buying software on their own initiative.
Not only is the use of shadow IT often just a mouse click and a credit card away, the millennials in your workforce also tend to consider BYOD (Bring Your Own Device) an acquired right, allowing them access to any number of professional applications from their personal devices. Consequently, many applications and devices nowadays escape the view and therefore the control or management of IT departments – which is precisely the definition of ‘shadow IT’.
The dangers of shadow IT are obvious, whether in terms of security, management costs or the lack of coherence of your overall IT infrastructure. And while aspects of cost savings and greater flexibility can be put forward as clear benefits by the business or even a particular user, it is not so much the actual existence of shadow IT that seems problematic, but its huge breadth. Indeed, if shadow IT gets too widespread, it can quickly become uncontrollable, even though it’s meant to meet the needs of efficiency and agility.
In addition, the role of the IT department is precisely to translate the demands of business users into powerful IT solutions. However, a hurriedly chosen external application may not fully meet expectations and, above all, may not be part of your company’s overall IT strategy. Worse yet, it may not even be able to integrate sufficiently into your company’s IT infrastructure.
Should you just surrender to shadow IT then? And give those external applications free rein within your carefully built and managed IT infrastructure? Certainly, some will evoke the ease and speed of implementation of such applications: a key argument in the context of digital transformation.
As a first step, while defining a framework for good governance, your IT department should inform your users and raise their awareness of shadow IT. In addition, it should emphasize its own skills and those of its trusted partners, without necessarily closing the door on any external solutions. It should also stress the necessary coherence of your IT environment, not to mention important aspects of that environment such as security and compliance, especially in view of the famous General Data Protection Regulation (GDPR).
Ultimately, your IT department should seek to position itself as a trusted partner rather than simply a service provider, by searching with its business colleagues for the most relevant solution that can be deployed in a timely manner. In other words: it needs to become a privileged and open interlocutor capable of offering informed choices in line with the priorities and objectives of each business entity. In addition, it will have to offer a catalogue of services in the form of an à la carte menu rather than a set menu.
More opportunities than threats
“The cloud offers more opportunities than threats”, concludes the McAfee report. “Especially for organizations that are able to manage the risks and equip themselves with the necessary skills and tools to secure their IaaS, PaaS and SaaS.”
As a consulting firm specializing in information systems architecture and transformation, we at Aprico Consultants help you strengthen your position in the market by providing you with the necessary flexibility, performance and competitiveness to accelerate your digital transformation processes. As a privileged partner of your IT department, we help you identify the elements of shadow IT as part of an in-depth study of information exchanges within your company as well as with your external partners. Finally, once we understand the reason(s) for these shadow IT practices, we help you restore confidence in your business users and implement application governance policies in line with your global strategy.