How to Regain Control of Shadow IT

Copyright (c) 123RF Stock Photos

This increasingly mobile world has brought new challenges to IT departments. Figuring out how to maintain a secure network in the face of shadow IT is one of them. Shadow IT refers to all the hardware and software that shows up on the network because of cloud technology and BYOD (bring your own device) policies. Essentially, this is the junk that IT has no control over, but there are six ways that companies can regain that control.

1. Steadfast Monitoring

This is the most effective way to identify shadow IT when it appears. When an outside device or service contacts the network for access, it leaves a trail. By monitoring the network, businesses can detect new devices as they appear. Most IT departments do vulnerability scans anyway, so just make detecting new devices part of that process.
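One way to make new-device detection part of routine monitoring, as described above (an added example, not from the original article): compare the MAC addresses seen in a DHCP-style lease log against the IT asset inventory. The log format, the inventory and every sample value below are constructed for illustration.

```python
import re
from datetime import datetime

# Constructed sample data for illustration (not from the article).
KNOWN_INVENTORY = {"00:1A:2B:3C:4D:5E", "00-1a-2b-3c-4d-5f"}  # IT-managed MACs

# Constructed lease log: timestamp, MAC, IP, hostname (assumed format).
SAMPLE_LEASE_LOG = """\
2024-05-01T08:02:11 00:1a:2b:3c:4d:5e 10.0.0.21 fin-laptop-01
2024-05-01T08:15:40 a4:83:e7:11:22:33 10.0.0.87 Johns-iPad
2024-05-01T09:01:05 00:1A:2B:3C:4D:5F 10.0.0.22 hr-desktop-04
2024-05-01T09:30:12 A4-83-E7-11-22-33 10.0.0.87 Johns-iPad
this line is malformed
2024-05-01T10:44:59 dc:a6:32:aa:bb:cc 10.0.0.140 raspberrypi
"""

def normalize_mac(mac):
    """Return the MAC as lowercase aa:bb:cc:dd:ee:ff, or None if invalid."""
    digits = re.sub(r"[:.\-]", "", mac).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        return None
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def find_new_devices(log_text, known_macs):
    """Return devices seen in the log that are absent from the inventory,
    oldest first, with first/last sighting and a sighting count."""
    known = {normalize_mac(m) for m in known_macs}
    unknown = {}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines instead of aborting the run
        ts, raw_mac, ip, host = parts
        mac = normalize_mac(raw_mac)
        try:
            seen = datetime.fromisoformat(ts)
        except ValueError:
            continue  # unparseable timestamp: treat the line as malformed
        if mac is None or mac in known:
            continue
        dev = unknown.setdefault(mac, {"mac": mac, "first_seen": seen,
                                       "last_seen": seen, "sightings": 0})
        dev["first_seen"] = min(dev["first_seen"], seen)
        dev["last_seen"] = max(dev["last_seen"], seen)
        dev.update(ip=ip, hostname=host, sightings=dev["sightings"] + 1)
    return sorted(unknown.values(), key=lambda d: d["first_seen"])

if __name__ == "__main__":
    for d in find_new_devices(SAMPLE_LEASE_LOG, KNOWN_INVENTORY):
        print(f'{d["first_seen"]}  {d["mac"]}  {d["ip"]}  {d["hostname"]}'
              f'  seen {d["sightings"]}x')
```

Normalizing the MAC format before comparing matters because inventories and logs rarely agree on case or separators; without it, managed devices would be flagged as new.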

2. Conduct a Risk Assessment

Assess which programs and hardware components put the network at risk, and deal with them first. Companies can research known security threats in the cloud community and prevent them from accessing the system. This proactive approach to network security will cut down on at least some of the problems. As these programs attempt to gain access, identify the user and let them know that the application or service they are using will not work with the company’s network.

3. Make a Friendly List

As part of the risk assessment, come up with a list of friendly applications and cloud services that can access the network. Distributing a positive list gives staff something to work with as they load software onto their personal devices.

4. Give Them Controlled Options

Providing employees with IT-controlled applications for accessing data will prevent them from finding their own way into the network. Creating a custom application, for example, eliminates the need to find a potentially dangerous application or service.

5. Educate Staff about Third-Party Programs

IT can block certain apps, but it is more effective to also discuss which programs are not appropriate as part of staff training. Letting staff load an application only to find out that the network prevents it from working will cause frustration and feelings of unwarranted denial.

6. Let Them Explain

As part of the training process, let staff acknowledge programs they use that are on the barred list. This “amnesty” approach gives them a chance to state why they prefer these apps and gives IT the means to tell them why these apps pose a security risk.