We are in the middle of a remote work and IT revolution. We’re being pushed through it by a whole bunch of different factors (mainly COVID-19), but that’s beside the point. Everything is going into the cloud, people are working from home, and IT departments are in a great position to cut off the fat and start some fresh initiatives to help people get work done.
Of course, there are bound to be some problems with this transition. Old ways of working aren’t going to do well in this new world and IT isn’t immune to that. If you haven’t embraced cloud technologies and the new SaaS (software-as-a-service) based world, there’s a good chance you’re going to butt heads with employees who do, and end up with a fair amount of Shadow IT.
What Is Shadow IT?
Shadow IT has been around since the first IT department and refers to the other IT your company uses. The unofficial solutions. For example, you may be a Microsoft house, but your employees don’t like OneDrive, don’t understand how to use it, or maybe don’t even know what OneDrive is. Thus, they fall back to the services they know. Maybe Google Drive or Dropbox since it’s what they used in school, at a previous job, or at home.
Shadow IT has a way of spreading through fragmentation. People don’t know where their files are stored (five different places with hundreds of files each). They don’t know if there is already an account for a service (whoever was the admin left and no one knows their password). They don’t know who’s paying for the tool they need to do their job (a user put it on a personal credit card). More often than not, someone will just sign up for another service instead of figuring out what’s going on the the other solutions available to them.
The worst part of shadow IT is that these tools have a way of embedding themselves in your company processes. Maybe one team refuses to switch away from Slack. Or the three-year-old spreadsheet that was meant to be used for a month is now a database of customer emails and looked at by dozens of people a day. In short, Shadow IT sticks around and becomes an integral part of someone’s job. Which is a problem, if only because Shadow IT is a real source of cyber security threats.
But it’s easy to state the evils of shadow IT without talking about the benefits. If you have employees going out and finding new tools, it means they’re engaged at work. If someone signs up for a new service and gets their entire team to use it, it means they’re cohesive and communicating well. And if a tool is integral to a job, it probably means the tool is integral to the job. Yes, Shadow IT is bad, but you can’t solve the underlying problem (people using unapproved tools) without understanding why people are switching tools in the first place. In fact, you shouldn’t try to solve Shadow IT by removing it, but by embracing it and making it part of your normal process.
Where Does Shadow IT Come From?
The perfect IT process goes like this:
- An employee talks to IT about a problem they need solved.
- The IT team and the employee figure out exactly what needs to be solved, and come up with a list of requirements that everyone agrees with.
- The IT team researches potential solutions and offers them to the employee.
- The IT team and employees discuss the solutions.
- Everyone agrees on a path forward and comes out satisfied in the end.
Of course, it doesn’t always happen this way. Maybe there’s a communication breakdown between IT and the employee. Maye security requirements are too strict, or the requesting employee leaves half-way through the process and the IT department is left without a main point of contact.
Or maybe the process doesn’t even start. The IT department has been known as “The Department of No” for a long time, and for good reasons. If your department keeps saying “no” to requests, people are going to eventually stop asking. Instead, they’ll get together with a few coworkers, agree on a product, and then start using it. They’ll basically cut IT from the process outlined above and come out the other side with a product that is probably ok but most likely does not fulfill all the IT requirements.
All because our perfect IT process breaks down. Any way that it happens, when the process falls apart, that’s when you end up with an unsatisfying solution. And then people, if they’re proactive enough, go find a satisfying solution. That’s where Shadow IT comes from.
How to “Fix” Shadow IT
If I had to pick the most important step in our ideal IT process, it would be step four. No one likes being told from on-high what to do, and when your IT department dictates a piece of software for a team, that’s exactly what is happening. Feedback, an honest discussion, an open dialogue – whatever you want to call it. That’s what is needed to keep Shadow IT from happening. If an employee is unhappy with a solution, listen to their complaints. And if you’re lucky enough to have an employee with a suggestion, well, why wouldn’t you listen to it?
To be clear, one way to cut Shadow IT is to shut everything down. Restrict permissions, block IPs, and put a stranglehold on every employee’s computer. That’s the wrong solution. IT should be there to serve people, not control them. Look at why people pick tools, at why they ignore the IT process, and learn from it. Maybe your policies are out of date, or maybe all the enterprise-grade tools you’re using don’t work for your 10-person company.
But the right solution is to work with employees. Have an open discussion and get some clear feedback about what tools work. Basically, stick to the ideal process above, however hard it gets.
Beyond listening to users, you also need to start educating employees on what tools are available. Maybe your IT department isn’t the department of “no”. You say “yes” to everything and already have all of the tools necessary. It’s just that no one knows about them. That’s a big part of the reason we built Navo.
Navo lets you provide an easy reference place for employees to know what tools your organization uses. Instead of relying on word of mouth or hard-to-update documentation, Navo gives you a visual way to display the tools you use and their relation to each other.
Navo also works with any SaaS product so you can link to almost any tool you use. And getting back to feedback, there’s nothing stopping you from adding a way for users to give feedback to Navo. Linking to a Microsoft Form or Google Form easily lets your users tell you if a tool isn’t working, or if there’s something they would like to be added.
Often, this is how you discover Shadow IT in the first place. You start building a repository of all of the tools your company uses and quickly find out from each department all of these different services that IT had no idea about.
In 2020, in a post COVID-19 world, you can’t ignore Shadow IT any longer. People are working from home, using Saas products all day, and there’s not much you can do to stop them from trying out a new tool if they want to. The idea isn’t to stop this process, but to involve the IT department in it. Listen to employee feedback and suggestions, and empower them as part of the process. Give them an easy place to find the tools they do have access to. In 2020, that’s how you solve Shadow IT.