Every gardener knows: Weeds often thrive unnoticed in the most unlikely of places. Nevertheless, you come to terms with these unwanted specimens every time, year after year. Many IT departments in companies and organizations must feel much the same; here and there, new, unapproved applications are constantly “popping up.” This is known as shadow IT.

They are nasty, often small and cause sleepless nights for IT professionals and administrators.: the many private smartphones, tablets, and programs that employees use for work, without giving it a second thought and often without permission (keyword BYOD). The secondary systems, special applications, or isolated solutions in the cloud, which are used daily by specialist departments are also often ignored. The dangerous thing is that every single one of these devices and software programs can pose a threat to sensitive company data/information: They are gateways for external attackers. It also makes it difficult for IT to network software and hardware smoothly. The consequences are loss of information, loss of efficiency and, in the worst case, economic damage.

Shadow IT: unauthorized, but also useless?

The possibilities of online tools for collaboration or project management, apps such as Dropbox, smart watches, wearables, Internet of Things etc. are all too tempting. They help when it comes to sharing information, collaboration, mobile work, project management, etc. and are also quite easy to use.

So what can you do as a company? Ban private devices completely, prescribe software use centrally and rigorously monitor them? Absolutely not! However undesirable these “little” devices may be, they are also an opportunity to make work in the company easier and help company to become more successful. How does that work?

Recognizing and understanding needs

Shadow IT does not just turn up out of the blue. Usually there is a need behind this, a need on the department or employee side and IT is not able to adequately support them. For example, when cooperation is hampered by the lack of fast communication tools. When software solutions are outdated and hinder more rather than support the work in a department.

One possible solution is to just ignore them, ban them, and carry on as before. Yet the consequences would be fatal! It would be a better idea to identify the need (early on) and to find acceptable solutions for it. The eco association recommends companies, for example, to provide suitable solutions for the specialist areas by the central IT department. This includes own internal chat tools or contact points to customers and suppliers via portal connections.

Shadow IT is a risk for data security, but it also shows that employees and departments require adequate software and work opportunities. Integration is a key element here.

Shadow IT: integration instead of exclusion

The crux of the matter is to integrate and involve employees and departments in finding solutions. Inform people about the consequences of shadow IT, but also about setting up and communicating usage rules and the advantages of other, preferably internal, solutions.

But: Strict monitoring of mobile devices, applications, and IT expenditures used by the departments should be an essential component. Not to isolate oneself technologically, but to sensibly integrate shadow IT into the corporate world. This requires platforms and interfaces through which systems and applications can communicate with each other and can be controlled and secured. Keywords: homogenization of the IT landscape and central information management.

Speed up and refine work routines

An other scenario that is often encountered: employees deliberately avoid the IT department because they feel that their approval processes are too slow and often they don’t get the solution they hope for. Instead of being perceived as a “driver”, IT is regarded more as an “objector/delayer” of digitalization. Education is needed here too, but what is more important is the acceleration of processes from, with, and to IT. Because this is increasingly affecting the entire company, a comprehensive workflow management system is a smart investment. Analyses should also be carried out as to whether processes are overloaded and, if so, whether they are refined and streamlined.

No man is an island (John Donne; 1572 – 1631). This applies in the digital age, even more so for departments. Confront isolated thinking by making company information available to all (authorized) employees via a user-friendly platform.

Isolated thinking casts long shadows

“When I think about software, the first thing I think about is my own department, regardless of what IT thinks.” Do you agree? Think again! A quickly self-installed software solution or private cloud services such as Google Drive, iCloud, etc. seem performance enhancing at first glance, for example, to support the exchange of data and cooperative work.

This kind of isolated thinking leads you to isolate yourself from others in the short or medium term and it is an incalculable risk for IT security: Outdated document versions are brought into circulation. Security leaks or even lengthy compliance cases are looming because confidential data has entered circulation. Or important information is lost altogether because employees use their own information/cloud silos that aren’t accessible to others.

This isolated way of thinking needs to be confronted. One possibility here would be a user-friendly Enterprise Content Management solution, which can centrally distribute and provide information.