What are the best strategies to stop it? Here are some pragmatic and concrete solutions
What is Shadow IT?
The Shadow ITShadow IT refers to the use of systems, programs, software and other devices by employees without the approval of IT departments. Due to the rise of the cloud and the widespread use of telecommuting, the phenomenon has increased in companies in recent years. According to a study by the consulting firm Frost & Sullivan, more than 80% of employees say they use IT solutions without the approval of their IT department! While it is sometimes possible to take advantage of this (identification of new innovative solutions and/or new needs, closer cooperation with employees, etc.), most companies try to avoid shadow IT. Indeed, this usage exposes to many risks: compliance issues, security breaches, lack of performance, random application of processes, etc.
How to fight against Shadow IT?
1. Put yourself in the users' shoes and understanding their needs
The demand for productivity and the exponential development of applications, tools and software undoubtedly contribute to the phenomenon of Shadow IT. It is therefore not a question of blaming users, but rather of understanding the reasons that guide their choices, as well as their needs. Indeed, they are not seeking to deliberately harm the company, but simply to put in place the tools best suited to their missions.
To begin with, it is important to make employees aware of the dangers of Shadow IT, and to explain to them (without trying to make them feel guilty) the consequences of some of their actions on the company, particularly in terms of security. Secondly, it is equally crucial to understand their needs: what is the reason for using this or that software, for example? What solutions do employees need most to get the job done? Which tools could be used by all employees, and how can a consensus be reached? An open and respectful dialogue, in which each party can express itself freely, is essential in this respect. It is the basis on which safety and compliance issues are built.
2. Involve employees in the deployment of new tools
While it is not a question of giving users complete freedom to choose their digital solutions, the objective is not to prohibit but to support and control, while making employees aware of the risks of immoderate use of Shadow IT. To do this, the company must (re)take control of its IS, as well as involving employees in the deployment of new tools. Which solutions were used until now, and how can they be replaced? What are the concrete needs of users, and which services are the most secure and best suited to their uses? By starting from the field and the feedback of the users, the company has the possibility to implement the best possible solutions.
3. Train the teams in the tools chosen by the IT team
Many employees are not aware of the security and data protection risks. It is therefore essential to close these gaps by training them in the tools chosen by the IT team, with clear and transparent explanations, but also (and this goes hand in hand with it) by communicating the subject in an accessible way. It is therefore up to the IT team to select effective, secure and easy-to-use tools and to implement them together with the employees. In this respect, employees must be considered as the internal customers of the IT department. This is the only way that the use of these tools can be collectively adopted.
💡 Mozzaik's tip: involve your employees! Suggest to your teams to mention the solutions they master on their profile in the company directory, so that they can be contacted in case of a question about a software.
Once the right tools have been chosen, the IT team must carry out constant monitoring. In this case, it is a matter of analysing the usage statistics of the tools put in place, and proposing solutions when under-use is observed (with the help of training, communication campaigns, etc.) or alternatives if it turns out that the tools do not meet the users' needs.
5. Choose modern, secure tools that communicate with each other and that can be easily upgraded when new needs arise
To put an end to Shadow IT, companies should implement tools that are modern, scalable and easy to use, but also connected to each other. It is therefore advisable to choose approved SaaS applications with a reliable security model, such as the Microsoft 365 suite. Again, training can be provided to employees if necessary. What if the best answer to Shadow IT was to streamline digital workspaces? This would include prioritizing applications that are directly integrated into thework environment. This is the case with Microsoft extensions such as Mozzaik365, which integrates into a single, secure environment.
6. Listen to the teams, set up a dedicated contact person to understand the users' feelings and anticipate new needs
Users should not only be listened to before the implementation of new tools. The listening process should be maintained over time, in order to take into account feedback and user requests. To do this, it is essential to set up a dedicated contact person. Taking into account the feelings of users in the field is not the only reason why this contact person is necessary. This person also has the task of anticipating the new needs of users, and therefore the tools they are likely to use in the future. This allows the company to be one step ahead, and not to be caught unaware of unregulated uses.
💡 Mozzaik's tip: create a dedicated idea box for IT needs on the intranet
Things to remember
📌Shadow IT is not a fatality for companies. Not only is it possible to put a stop to these parallel uses, but it is also a matter of companies seeing opportunities to improve existing processes and take into account the real needs of their employees.
📌By establishing an open climate and active listening to users, and by training them in security issues and the tools chosen by the ISD, it is possible to put an end to it, or at least drastically reduce its impact.
📌The implementation of an application integrated with the work environment more generally helps to avoid Shadow IT. Mozzaik365, for example, is directly integrated with Microsoft 365, allowing the company to maintain control of its environment, while preventing the need for employees to install new applications.