Balancing Innovation and Security when it comes to Shadow IT
Rick Delgado feels blessed to have had a successful career in the tech industry and has recently taken a step back to pursue his passion of writing. He's started doing freelance writing where he occasionally works with tech companies like Dell Computers. He enjoys writing about new technologies and how it can help us and our planet.
Much of business comes down to a balancing act. Risk versus reward. Benefits versus drawbacks. New versus old. As much as things have changed in the past decade, these are the types of decisions company leaders still have to make today. The same holds true for another aspect of business that by its very definition is often overlooked: shadow IT. While shadow IT sounds like some nefarious organization from a science-fiction novel, it’s actually the practice of employees using devices and applications without the explicit approval of IT personnel or management. On the surface, it may seem like an act that business leaders would want to stomp out as quickly as possible mostly due to the security concerns shadow IT introduces, but that may not be the best move to make. Shadow IT can in fact bring about some notable benefits for every organization, but as in all things of the business world, it requires a proper balance.
Shadow IT certainly isn’t a new concept, but due to the prevalence of mobile devices like smartphones and tablets, it’s easier than ever for employees to go behind the backs of the IT department. According to one recent survey, around 20 percent of employees say they use a cloud service without the IT department’s knowledge. Workers don’t do this for malicious reasons, of course. Instead, they do it because of one key benefit that stems from shadow IT: innovation. In essence, shadow IT can represent noticeable items and services lacking within an organization. If employees feel like they must resort to going behind IT’s back in order to get things done, it could mean the business is missing certain tools and features that are necessary. Workers who feel trapped by the limits placed upon them by the IT department will likely feel the need to innovate and find new solutions, whether it means using unauthorized communications software or taking advantage of storage via cloud computing services.
Considering the proliferation of bring your own device (BYOD) policies in the workplace, it’s now easier than ever before for employees to use apps of their own choice without checking with IT workers first. In many cases, this is in response to the relatively slow approval processthat it takes IT to give the thumb’s up to any new apps and software. Employees don’t want to wait for the permission of the IT department to do their job more efficiently. Shadow IT basically represents a push by workers to be more productive through innovation, which can in turn create greater value for the company.
With innovation such a key element of shadow IT, some may wonder why businesses don’t simply embrace it and have it practiced out in the open. Unfortunately, when acts like these are performed outside of IT’s jurisdiction, it also opens up more avenues for security risks to be introduced into the business network. The freedom to use whatever apps employees want can often go too far. Think of all the new apps available every day. Some of them might contain malicious code that has the potential to corrupt and steal data before spreading to other systems and devices. IT departments generally like to keep a tight controlon the technology used at the company, mostly to maintain high security standards.
The solution to these competing values is to find a proper balance between the two. IT departments should enable changeby opening up communication with employees. Suggestions for new applications and services should be welcomed and the approval process streamlined. IT teams should clearly outline how workers can make requests and regularly follow up with them during the whole process. Workers should feel the freedom to experiment with innovative apps while keeping IT up to date on what they’re doing. New apps and services should be routinely reviewed to ensure they are secure; then they should be supported company-wide.
Shadow IT isn’t a practice to be feared. By engaging in the practice, employees are essentially telling their companies that they need extra help to succeed. Businesses should see this need and embrace it, allowing for greater innovation while maintaining control over the issue of network security. Going too far in either direction will reduce the chances for success. Only by striking that balance between innovation and security will companies see the true value that can come from shadow IT.