Three Steps to Manage Shadow IT in the Enterprise

IT teams face an uphill battle in managing the deluge of apps that now populate enterprise networks. A big reason for this is that employees have access to a wide array of SaaS and cloud-delivered platforms—both business-critical tools and otherwise—that they can deploy in just a few clicks. This puts the onus on network teams to lay out specific policies about what kind of tools they’ll allow on the network, as apps that could pose a threat to network performance are now increasingly common and easier than ever to deploy.

Holding employees to task and enforcing these policies, however, is easier said than done.

This is especially apparent when considering Gartner’s estimates that anywhere between 20% and 50% of enterprise app spending takes place without IT’s knowledge or consent—aka shadow IT.

The rise of shadow IT mirrors the rise of SaaS, as tools delivered “as a service” are, by design, easier to deploy (often requiring simply a web browser and registration) and more cost-effective than legacy solutions, thereby giving individual employees more agency to seek out and start using new apps at their discretion.

The primary concern with bringing unauthorized apps onto the network is that it leaves enterprise IT teams unaware of the dangers these tools might introduce—in particular, data leakage and falling out of compliance with standards and privacy regulations such as SOC 2, GDPR, and CCPA. But it’s not always (or even usually) the case that shadow IT is conducted with negative intent. In reality, it often comes down to teams preferring certain platforms over those approved by IT for day-to-day tasks (e.g., preferring Zoom over Microsoft Teams for unified communications, or UC).

When this practice is on the rise at an organization, it’s usually in response to dissatisfaction with the policies and tools approved by IT. Moreover, users may be to blame for their own dissatisfaction, such as when non-approved apps soak up network capacity that was originally allocated for approved apps, thereby impacting the performance of both “shadow” tools and approved ones.

So where can IT teams get started in keeping a handle on shadow IT? Here are some tips:

Get to Know Your Network

As the name implies, shadow IT occurs when network teams don’t have an understanding of all the tools leveraging their network. It’s more than just an issue of malware hiding in the shadows: Teams also need to have insight into every application living on the network to evaluate how non-critical tools (or alternative apps) are impacting the performance of approved business-critical solutions. Having an understanding of employee habits and preferences versus what’s prescribed by company policy can help inform IT teams on how to better allocate network capacity in the future.

Give Your Network a Sanity Check

Once IT has gotten a sense of all the applications populating the network, teams can then explore what existing policies (and approved apps) are helping the business, and identify where things could improve. Perhaps a team that abandoned Skype for Business in favor of Zoom was onto something, for instance, and the whole company would benefit from a new default UC tool.

IT can also explore whether the reason approved tools are being abandoned is a deeper performance issue that IT might not have been aware of. The network team could then take steps to remedy this chronic issue and get all users back on the same page.

Put Your Learnings to Work

All of these steps are driving toward the goal of giving enterprise IT the visibility it needs to successfully monitor and manage the network and all the apps within it. With this visibility, IT can more easily spot signs of hazardous shadow IT and better enforce (and inform) its network policies. This doesn’t necessarily mean dedicating members of IT staff to policing end users, however. Rather, teams need to employ lightweight, low-overhead solutions that can deliver active insights on app performance in near real time without overcomplicating the task of network monitoring. Combined with passive traffic analysis to identify what apps are running at each enterprise location, IT can gain a full picture of the app landscape.

Once armed with active and passive visibility across the enterprise network, IT teams can start building bridges between themselves and the users who turned to shadow IT in the first place. That way, end users and network teams can approach the company’s tech stack collaboratively, recommending new tools or taking a proactive approach to remedying performance issues. 

