As the provider of an enterprise security SaaS application, we know that the IT landscape is changing at an increasingly rapid pace. And, we’ve been hearing more and more from concerned IT administrators who worry about their users installing and using unapproved SaaS products. According to a recent Frost & Sullivan survey produced in conjunction with the Cloud Alliance for Google Apps, nearly two-thirds of end users say they choose and install their own applications in the workplace.
While this so-called shadow IT leaves some IT admins anxious over possible security breaches, another Frost survey put out in November 2013 finds that employees turn to shadow IT simply to gain efficiency (malevolence usually isn’t in play). In fact, the same study notes that IT employees are even likelier to use unapproved SaaS applications than their non-IT counterparts. Clearly, goals and reality are misaligned.
As an IT administrator, the majority of today’s “best practices” tell you to squash shadow IT by eliminating and forbidding unapproved third-party products. But, more than ever before, today’s well-equipped and increasingly knowledgeable end users expect to use whatever software – sanctioned or not – they need to do their jobs better. So how do you maintain a safe environment that also takes users’ productivity into consideration?
While embracing shadow IT isn’t possible in some highly regulated industries and companies, most IT administrators can and should enable employees to make the most of the SaaS market’s abundant offerings.
Enable End Users and Your Business
Imagine your salespeople installed and paid (possibly out of their own pockets) for an application that allows Google Apps and Salesforce.com – two of the largest pieces of your IT infrastructure – to communicate. By enabling your sales team to work faster and smarter, this application has a real impact on the company’s bottom line.
As an IT administrator, it’s your job to understand why the sales team felt the need to search for and install the application and enable them to better use the product going forward, whether that’s through training, setting up a workflow to provision the application for new members of the team or finding and vetting similar tools, which can further enhance the teams’ productivity.
By enabling end users and your business, IT can gradually transition from a cost center to a profit center.
Devote More Time to Training and Education
While end users may be more tech savvy than ever before, the IT department is ultimately better equipped to evaluate the safety of third-party applications. The IT department should educate end users on the risks associated with installing third-party products and encourage users to seek advice from the IT department prior to installing such products. In turn, IT administrators can also learn from end users to gain a better understanding of current needs and limitations.
By creating mutual understanding and properly training end users, shadow IT can become a source of innovation rather than a liability.
Gain a Clear Picture of Domain Activity
When it comes to selecting SaaS applications, the options seem endless. It’s virtually impossible for the IT department to proactively recommend applications that will fit every user’s needs. So unless you intend to operate a fully locked down environment, a nearly impossible feat in the cloud, you need to set rules and educate users to a point where you can trust them to make decisions. Then, using third-party application monitoring tools like FlashPanel’s Apps Explorer feature (currently in beta), you can watch for applications that don’t meet the rules you’ve put in place to ensure compliance going forward.
Shadow IT should not be feared, shunned or shut down. If you embrace it, it may even become a primary driver of IT innovation and employee satisfaction. Sure, not every application will meet your security standards, but by showing end users that you wish to enable rather than hinder their use of products that help them do their jobs better, you’ll create a productive, happy and, most importantly, compliant environment into which you have full visibility.