Shadow IT has become one of the hottest topics among technology professionals. Broadly, the term describes employee use of any type of technology for work purposes without the IT department’s approval, an issue that has made its way back onto the table as mobile working becomes more popular.
This has presented a new set of security issues for IT departments which are unsure of what this concept means for their business.
Most people use iOS or Android operating systems, both of which offer a seemingly endless supply of excellent consumer apps. Some of these apps are so well suited to work purposes that employees are tempted to use them for work, without considering the security implications. This is happening beyond the control of CIOs; 58% believe that shadow IT could potentially see them out of a job.
This issue won’t simply disappear. The consumerisation of IT has produced an environment in which 44% of employees are willing to use their own apps to get their work done, regardless of the IT policy. This is shifting enterprises firmly toward mobile, as the traditional PC model starts to become less suited to the needs of the workforce.
The CIO’s dilemma
CIOs have a choice: either limit the use of unsanctioned apps and other services, or make the most of them. Popular consumer apps are playing an important role in mobile oriented companies, so restricting their use entirely may not be a viable option.
It’s also likely to be incredibly challenging. According to one report, as many as 88% of apps used for work are outside of IT’s control. Restricting the use of one popular app will often prompt staff to start using another. CIOs attempting to take this approach certainly have their work cut out for them.
Playing it safe
The IT department should consider a more flexible approach. If there is demand for consumer productivity tools among staff, then it’s clear that IT isn’t meeting all of the employee’s needs. CIOs should identify employee grievances and work toward the best possible solution, using shadow IT as an asset, rather than a threat.
Personal cloud apps used to store corporate data are a good example. IT isn’t likely to control a personal storage app, but can implement services to secure the files themselves. Through the separation of the security framework from the storage location, corporate files can remain secure regardless of what storage repository the user prefers.
Putting the employee first
Across the industry, there is a remarkable shift towards a mobile-first model, in which user experience is prioritised through the employee’s own choice of device, OS and apps.
The mobile-first model also features a more suitable security framework. While the PC model was structured on an open file system requiring IT to put restriction at the heart of its approach, the mobile model features a ‘sandboxed’ structure.
This limits the ability of apps to share data without the right permission, making the framework inherently more secure and flexible enough to manage higher levels of demand. As such, security at a mobile first organisation emphasises responsible enablement as opposed to restriction.
The IT industry is headed firmly toward consumerisation, so it’s likely that the range of useful consumer apps on the market will only increase. Managing this shift through restriction is an increasingly difficult job.
It’s time for CIOs to realise shadow IT can be an asset for understanding staff needs and enhancing productivity, and not only a source of security headaches.
Sourced from Ojas Rege, MobileIron