How To Give Staff Apps They Want And Keep Them Away From Shadow IT

Duncan MacRae is former editor and now a contributor to TechWeekEurope. He previously edited Computer Business Review's print/digital magazines and CBR Online, as well as Arabian Computer News in the UAE.

Follow on:

Angelo di Ventura, director of web solutions specialist Trustmarque, explains how businesses can bring cloud computing out from the shadows

The new cloud-enabled, mobile world is changing the way employees work; giving them access to business data anywhere and from almost any device. The advent of Bring Your Own Device (BYOD) coupled with growing demand from employees that want more accessible applications, has undoubtedly contributed to the emergence of Shadow IT. Many IT departments are now finding themselves between a rock and hard place when it comes to managing cloud applications across the business.

cloud appEmployees are using apps such as Dropbox for business-critical functions, as they offer greater simplicity and improve productivity. Yet many of these apps are often not enterprise ready, which means it is an ongoing challenge to maintain an IT environment that supports employees’ changing working practices, but at the same time is highly secure. For example, a recent report from the Ponemon Institute on the challenges of cloud information governances showed that 44% of corporate data stored in cloud environments is not managed or controlled by the IT department. The report also highlighted that more than two-thirds of respondents say it is more difficult to protect sensitive data in the cloud using conventional security practices. Clearly, enterprises that want to embrace cloud but stay secure need a new approach.

Building bridges not barriers

A blanket approach towards blocking unsanctioned apps is unrealistic. IT departments must be able to empower employees by granting access to their favourite cloud apps, while protecting the organisation from data loss and network threats. Rather than blocking apps en masse, IT departments need to analyse the activities that pose the greatest risk, such as sharing data outside the company, and block those apps specifically to mitigate their risk. To do this, IT departments should have real-time visibility into how every cloud application is being used, in order to enforce smart usage policies and foster safe cloud application practices. With the emergence of the latest cloud management and analytics tools, this kind of instant clarity is very achievable.

Educate and consult

Once IT departments have complete sight of the applications being used in the organisation, the next step is to educate employees about why certain activities have been blocked. Educating the workforce and offering alternative apps that share a similar feature but at a lower-risk, means employees will feel empowered by using apps and devices they enjoy, and corporate security is maintained.
Consulting and providing feedback also means IT is in a strong position to give guidelines of approved applications, policies and alternatives, which are updated regularly and clearly communicated across the business. Providing consultative advice ensures IT will be seen as trusted provider; staff will want to be informed and discuss their IT queries so they can get the job done and improve business processes. Ultimately, this open approach will give IT greater visibility and insight into what applications users are deploying.

Gaining visibility

In the on-premise world it was relatively easy for organisations to keep track of the applications being used and by whom, as they were purchased and managed centrally. However with cloud, different applications are being used by different people across a multitude of devices; many of which have been purchased outside of traditional IT and procurement channels. This prevents IT from having visibility and control over the applications being used in the cloud. At the same time, costs can spiral out of control as a result of ‘cloud sprawl’, due to the sheer ease of buying services and applications (e.g. employees paying by credit card).
Without having visibility into cloud application usage across the business, organisations will be unable to consolidate applications and miss out on cost-savings as a result of procuring cloud services centrally. Having sight of the cloud applications being purchased allows businesses to easily forecast costs, and to make informed decisions that will improve business processes and cut costs.

Taking back control

Cloud applications like Dropbox and Evernote are enabling employees to get their work done and be productive, but it’s up to businesses to ensure that the applications are secure. IT departments have a tricky job of securing data while allowing employees access to cloud applications; businesses need to support IT with tools which provide visibility into the applications in use throughout the IT environment. With this kind if insight, IT departments can implement a far more strategic approach to ensure effective cloud usage and security policies. Once these controls are in place, the IT department will be able to increase user productivity and secure the IT infrastructure. Through this approach, IT can take back control and deliver value to the organisation with a skilled and productive workforce.

How much do you know about cloud computing? Take our quiz!