3 Ways to Expose Shadow IT

In our SaaS-filled world of easily-acquired cloud software applications, there is a quietly growing pitfall lurking within the shadows which, if not exposed, can cost you both time and money.  Here’s how you can shine a light on the growing problem of shadow IT.

More than ever it’s easy for employees to discover, sign up for, and implement cloud solutions.  In fact, the process has become so fast and painless that many employees opt to bypass any IT department approval or vetting in exchange for speed and immediate functionality.  This unauthorized acquisition of software is called “Shadow IT” – and yes, it has most likely seeped into your organization.

According to a report by Gartner, it’s estimated that up to 50% of a company’s software application spend is made up of shadow IT.  In other words, half of what the organization is paying for are “rogue” applications that never went through an IT vetting process. It’s a feasible statistic when you consider how easy it is to sign up for cloud solutions (many of which offer “free” versions) and how quickly usage can spread within a team or unit when dealing with collaborative SaaS services.

The causes behind shadow IT are most often based on good intentions.  Why might some employees go rogue with their IT usage?

  • Urgency – They have looming deadlines and pressures they don’t want to risk derailing by waiting on IT approval.
  • Functionality – Endless options of SaaS means there are niche solutions that fit every need, which can be appealing to a handful of employees, but not cross functional enough for an IT unit to approve.
  • Familiarity – The workplace landscape is more fluid than ever, and with that comes a variety of software knowledge.  Often, new employees like to incorporate solutions they’ve used elsewhere so they can hit the ground running.
  • Naivety – Employees simply don’t know they’re doing anything wrong because their proper IT request protocols haven’t been clearly defined and shared.

Employees are simply trying to do their jobs well.  Unfortunately, their well-meaning intent can culminate in unexpected organizational issues including workflow disruption, unaccounted budget strain, and security risks caused by the potential exposure of sensitive data.  

Ultimately, the purpose of a modern IT unit is to not only design but also build and manage a technical infrastructure that works seamlessly, safely, and within budget.  Fulfilling the functional needs of the organization while respecting IT oversight is the balance that every business should strive for, but first you need to recognize the mess.  

Here are 3 ways to illuminate shadow IT at your company:

1. Look for Bread Crumbs

Shadow IT Email, Slack, Microsoft Teams, Confluence, Asana, Trello… businesses today use many forms of official communication to interact and manage projects.  Super admins can set up searchable keywords on those platforms for names of software that are potential shadow IT culprits–unearthing correspondence such as registration emails, product updates, and so on, and providing a great method to expose any services that have been unknowingly implemented.

Remember, this isn’t about placing blame or punishment, it’s about creating transparency.  Discovering these unauthorized services will help you understand the functional needs of your staff so you can better support them in an official capacity  In most instances, employees are necessary in identifying a workflow need while the IT department can find and implement the best solution. Bringing shadow IT to light, and then following up with productive action to solve for it, will help earn the trust of your staff and reduce future instances of unauthorized IT usage.

2. Review Your Existing Toolset

Sometimes employees don’t understand the full range of capabilities the tools currently at their disposal can offer.  IT should compare and contrast shadow IT applications against the features of existing IT infrastructure and services.  You can usually find significant overlap, and often it’s simply a matter of further employee training to resolve the issue. 

If overlap exists, the next step will be helping to migrate data and workflows from the shadow IT application to the existing, authorized service. This is best done piece by piece, keeping the learning and comfortability curve easy (a steep curve could be met with immediate pushback and  disregard among staff.) Maintaining functionality and budget is important, but what will truly keep shadow IT from popping back up is creating users who are happy with how their software performs.

3. Create a Feedback Loop

Part of the problem that leads to the existence of shadow IT is a lack of communication. Creating an open feedback loop where employees can regularly express IT needs, concerns, or ideas is a great way to make IT efforts more inviting, collaborative, and predictive to the needs of staff and business.  This can be done in a variety of ways, such as a quarterly meeting, Slack channel, Confluence page – whatever method is most accessible to the staff at large… just so long as an approved SaaS is being used!

The Light in the Darkness

Shadow IT can create big problems but can also be a great opportunity for revenue-friendly change.  Because they are involved in the day-to-day operations, employees are often the first to recognize pitfalls or inefficiencies that have a financial impact to the company.  So you don’t want to discourage forward-thinking when it comes to IT solutions. The goal is to eliminate shadow IT but maintain the good intentions that cause it—magnifying the benefits to both the company and its staff.  By following the above three steps, you can stay at the technical forefront of your industry, find savings to your bottom line, and create a healthy IT culture within your organization.