Shadow IT: What can your IT department do?
June 26, 2019

Shadow IT is not an unknown phenomenon. The truth is it happens in many Danish workplaces. In fact, Version2 in 2017 estimated that 9 out of 10 cloud services are operated outside of the IT department. Therefore, there’s no need to feel alone in the world when it comes to problems with Shadow IT. However, you need to know what Shadow IT is and what to do when coming across it.

Just a minute. Shadow huh?

Shadow IT is a sort of stealthy IT that isn’t controlled by the company’s IT department. It doesn’t necessarily mean the IT department is slow or inept – perhaps it’s just big or completely kept out of the loop by users who start using IT solutions that your company hasn’t authorised. There are a number of examples of Shadow IT:

Perhaps the company decided to use Salesforce. A sales rep then suddenly starts using another solution in order to keep some of his clients to himself.

Or perhaps the IT department has issued a policy about using OneDrive – in which case you don’t want people to use Google Drive or Dropbox instead.

Another example is that all communications should happen through Skype and yet the employees chat internally on Slack. In other words, we’re talking about desktop applications or apps the IT department isn’t responsible for operating.

How do I find out if my employees are using Shadow IT?

Firstly, you should ask your employees which applications they use. Grant them a ‘safe passage’ and discuss the ’illegal’ software. This is a great way to have a talk about Shadow IT and how your company should handle it.

One of the software solutions developed by CapaSystems is PerformanceGuard, whose primary purpose is to collect and analyse performance data from your IT system. As an added bonus, you as an IT manager can also receive a notification e-mail whenever one of your computers accesses applications and online apps they’re not supposed to use.

Data is likely collected from all of the company’s computer systems to a greater or lesser extent. Therefore, your IT department can also see which applications and apps the machines are accessing. The data analysis is a great help in tracking down Shadow IT, and the insights can be used as a catalyst to rethink whether you have the right IT solutions.

How should I penalise Shadow IT?

Maybe you should not actually penalise it. It is vital that the IT department should learn from Shadow IT instead of just penalising the people using it.

‘You shouldn’t necessarily combat the use of Shadow IT in your business. Instead, you should approach it with an open heart,’ advises Steen Teudt, Product Manager of PerformanceGuard at CapaSystems. He explains:

‘At the end of the day, Shadow IT exists because there is a need. Nobody uses Shadow IT to become less efficient. Consider it a wake-up call for the IT department; otherwise people will enable a VPN and do it that way.’

Ultimately, it’s about the employees not feeling they are being listened to. That’s why they use Shadow IT. Going back to the communications example, the root cause may be that Slack can be used both internally in a group and to contact people outside the company. Perhaps you should switch from Skype and move all communications to Slack in the future.

Often cloud solutions provide the most challenges. People use Google Drive instead of OneDrive or a third solution. Therefore, listen to your staff to find out why Google Drive is being used instead of OneDrive.

Although the word Shadow IT may sound scary, it is important to see it differently: Your employees want to do their work efficiently, but your existing systems don’t allow for that. By knowing how your employees use Shadow IT, you gain insight into how they work. You can use this knowledge to develop your approved IT systems in the future.