Pro Blog | PK Tech

Your Business Has Shadow IT. Here's What To Do About It.

Written by Megan Schutz | November 15, 2019

Shadow IT. Have you heard this term? If you’re a business owner and are not aware of Shadow IT, we’d like to be the first to explain what it is, what to be aware of, and how PK Tech can help you manage it. Time to take it out of the shadows (pun intended).

What is Shadow IT?

Shadow IT is a term that refers to Information Technology (IT) applications and infrastructure that are managed and utilized without the knowledge of the business’s IT department. For small businesses, the “IT department” is likely comprised of an outsourced Managed IT Provider and the business’s leadership.

How does Shadow IT impact your organization?

When employees or departments deploy programs like Dropbox without the IT Department, their intention is typically to add functionality without jumping through the hoops of management and IT people. 

There are two major takeaways when Shadow IT activities are discovered: 

  1. Employees need to be reigned in and their activities need to come out of the shadows.
    This practice hurts the organization. New solutions should be thoroughly vetted by department heads, management, and the IT department to ensure it solves the problem and doesn’t impact the business in a negative way. If you’re in a regulated industry, Shadow IT is a major security issue. In some cases (i.e., free Dropbox storing health records), it’s considered a reportable breach.
  2. Employees cleary have a need for a solution that isn’t being provided OR they aren’t educated about how the business’s existing systems can solve their problem.
    We’ve seen CPA firms struggle with sharing large files with their clients. We’ve seen medical practices struggle with sending large x-rays to a referring office. The natural solution is to use a free product like Dropbox free and move on. Right idea, wrong execution.

What can you do about Shadow IT?

Below is a simplified checklist on how a small business can address Shadow IT.

  1. In your Acceptable Use Policy, define Shadow IT and clearly state it is prohibited. Also, provide a method employees can request solutions or software for the IT Department’s consideration.
  2. Have a formal process on how to properly vet a solution for your business. At a high level, it should involve management by the IT Department and include a cost benefit analysis, risk assessment, and a review on how it may impact the existing environment. 
  3. Work with an IT company and request that they monitor for Shadow IT on a monthly or quarterly basis. On your first report, work with the IT company to whitelist and blacklist acceptable software & cloud solutions in the business. For the blacklisted software, decide if the problem it solves should go through the formal vetting process or if it needs to be immediately uninstalled and deleted.

How Managed IT Services Help Shadow IT

We’re well-versed at entering your organization and helping your IT department consolidate Shadow IT. We can also work alongside your leadership and/or IT department to help your organization prepare the most-used services to be enterprise ready for the whole organization. Need recommendations beyond employee opinion? We’re here to help with that too. With experience across multiple industries and organization sizes, we can offer insight into the best SaaS services to fit your organization. 

If you have additional questions about how to handle Shadow IT in your organization, or if you’re interested in getting a quote for PK Tech services, we’re here to help answer any questions and provide more information. To contact PK Tech, click here.

About PK Tech