SaaS and the consumerization of IT have revolutionized enterprise computing. No longer do organizations and their employees have to rely solely on internal infrastructure for their IT needs, and no longer are they restricted by the limitations of that internal infrastructure. But with SaaS and the consumerization come the dangerous phenomenon of shadow IT. Employees who adopt whatever SaaS applications they want for business purposes, independent of corporate approval (or even knowledge), can put corporate cloud data security at risk.
By now, you’re aware of this. But are you aware of the most shocking statistic about shadow IT?
According to a Frost & Sullivan study conducted for McAfee, employees in the IT department are more likely to adopt shadow IT than line-of-business employees.
Yes, you read that right. The IT department is a bigger shadow IT offender than organization employees at large! And IT employees are likelier to use larger numbers of unsanctioned SaaS applications than line-of-business workers, too.
Pause and think about that for a second.
IT is aware of the dangers inherent in shadow IT, and yet IT is the biggest shadow IT offender.
Judging by this fact, it becomes clear that business does indeed have a shadow IT problem, and since the shadow IT problem has infected the IT department as well, asking IT to shut down unauthorized cloud use won’t work.
So what can organizations do?
There are three key steps that businesses must take to get their shadow IT problem under control. The first is to discover which shadow IT applications are in use. Tools like CipherCloud for Cloud Discovery use network logs to help identify the SaaS applications adopted by mobile users and internal employees so that organizations have a starting point.
Once those SaaS applications and users have been identified, the real work begins. You won’t be able to bring your entire company’s shadow IT use under control in a single day, after all. It will take time, and given that fact, you’ll have to prioritize your actions. The best way to do so is by focusing first on the most risky applications. CipherCloud’s shadow IT discovery solution allows you to evaluate the relative dangers of individual SaaS applications by providing risk scores for each one, drawn from our extensive knowledge base of thousands of cloud apps and researched by our team of risk experts.
And once you’ve got that information, you can much more effectively bring shadow IT under control. Evaluating and interpreting overall shadow IT use patterns will point out what computing needs are going unaddressed in your organization, including in the IT department. In almost every case, there are enterprise-grade equivalents to consumer-facing SaaS applications that employees adopt. The information you gain from a thorough discovery and analysis process will show you which applications your organization most needs.
To learn more about Shadow IT please download our report, Shadow IT: Data Protection and Cloud Security