Help Shadow IT in Your Business Come in From the Cold

It can be incredibly challenging to maintain adequate, defensible information governance while also encouraging information sharing to boost productivity. Nowhere is this more evident than in the growing realm of “shadow IT.”

Shadow IT includes all the applications introduced into the enterprise but not approved by your IT and/or security staff. The blossoming (or explosion, depending upon your point of view) of shadow IT is fueled by the need for businesses to “get things done” and is enabled by key trends in information technology, including BYOD; inexpensive, downloadable SaaS applications; and free, cloud-based storage from the likes of Google, Microsoft, Apple and others.

Shadow IT by the numbers
Because we’re talking about apps that fly under the radar, solid data is often hard to come by. But some recent reports have begun to shed light on the breadth and depth of the problem.

One study done last year, surveying 600 employees at larger businesses (more than 1,000 employees each), found that over 80 percent of workers acknowledged using one or more non-approved SaaS applications (Stratecast, “Non-Approved App Usage, LoB v. IT,” November 2013). Equally surprising was that IT workers themselves were just as responsible, if not more so, for the proliferation and usage of non-approved applications.

Perhaps even more worrisome, a study done recently across all major verticals (Skyhigh Networks, “Cloud Adoption and Risk Report, Q2, 2014”) found from 327 to 3,201 cloud services in use within the enterprise, with a total of 3,816 unique cloud services identified overall. Of those:
Only 11 percent encrypt data at rest;
Only 16 percent provide multi-factor authentication;
And only 4 percent are ISO 27001 certified.

It’s not necessary to list the very costly data breaches that continue to make headlines seemingly every week. Most executives I speak to are well aware of the risks. Add to those risks the security gap within shadow IT, and establishing a strong, enterprise-wide information governance policy has, arguably, never been more vital. But how do we address information processes occurring in the shadows?

Turning on the lights
A good first step would be recognizing that an enterprise information governance policy must cover SaaS application usage, including portions of content management, file sync and share, and mobile collaboration applications. Presently, companies approach SaaS usage policies in a variety of ways, including having no policy at all, or at least not one that different lines of business (LoBs) are aware of.

An information governance policy can provide a framework to address unapproved SaaS application usage and help bring shadow IT “in from the cold.” IT can use the policy to help LoB users make better service selections. Ideally, IT can make available reference architectures that provide a certain level of information security and availability. Cloud application brokerage, while not perfect, is a big step forward from widespread use of unapproved applications.

And let’s be clear that IT is not exempt either. The policies and frameworks guiding device and app usage should ensure that IT workers are also required to comply.

Another compelling reason to have good processes around SaaS adoption is to ensure legal and licensing requirements are properly vetted. Case in point: some applications are free for individual use but not for corporate use. This can expose the company to audits and financial penalties, which in some cases can be substantial.

Of course, an accurate and up-to-date assessment of actual application usage, particularly information stores and processes, is crucial. When trying to uncover information processes flowing through shadow IT, there may be additional benefits to leveraging the outside perspective — and cross-departmental experience — of a specialist in business information processes.

An outside party may be able to bring a new perspective to the way you’ve been approaching a problem. They can bring to the table broad experience gained from multiple engagements across industries and geographies. A managed service provider may also be better able to speak the language and solicit the cooperation of LoB managers and employees.

Shadow IT is not going away. The fundamental trends of more devices, thousands of easily downloadable applications and free cloud storage are simply too compelling. There are genuine economic and productivity benefits to bringing SaaS apps into the enterprise. The trick is to find the best balance between agility, governance, security and productivity. A comprehensive information governance policy can help you find that balance.

And that’s where we can help. Learn more at or call us toll-free 1-800-444-2943

About Stratix Systems
With offices in Reading, Lehigh Valley, Philadelphia and Central and Northern New Jersey, Stratix Systems is one of the region’s leading technology solutions partners, with the people, resources and experience to deliver the IT, content/document management and imaging support you need: where, when and how you need it. In fact, very few providers in the region can match the vast array of total business solutions and responsive service available from Stratix Systems. It’s no wonder why we are the partner-of-choice for over 4,500 organizations throughout Eastern Pennsylvania and New Jersey.

Have a question? Get an answer. Our experienced systems experts would be happy to answer your questions, help you explore your options and develop a customized plan for you. Learn more at or call us toll-free 1-800-444-2943.

This post originally appeared on, authored by Ricoh USA’s David Levine.
