By Paul Davenport, Marketing Content Manager at AppNeta

With concerns around data privacy starting to mount in seemingly every corner of society, it's critical that IT teams establish workable (and realistic) internet use and network policies. But with 20-50 percent of enterprise app spending taking place "in the shadows" -- that is, without the knowledge or direct consent of IT -- enforcing best practices is yet another new struggle that IT teams wrangle within the age of SaaS. 

"Shadow IT" has exploded in the enterprise space alongside the booming popularity of business-critical SaaS. This is the double-edged sword of enterprise cloud migration, as SaaS solutions can quickly (and cost-effectively) be deployed without the need for enterprise IT to build, deploy, or own management of their own tools and workflows. After all, with the role of IT changing from "a technology-driven cost center to a value-based service brokerage," according to a recent Salesforce report, teams are looking for any method they can to streamline deployment and play a proactive role in serving end users.

While Shadow IT may be frustrating for IT teams that are already grappling with radical changes to their network infrastructure, it's not always conducted with ill intent. More often than not, it all comes down to a simple preference of one platform over another. A company may choose Google Hangouts as their go-to collaboration platform, for instance, while a specific department prefers Slack and leverages that platform for their internal comms. But even seemingly harmless reasoning like this can be risky.

Take, for instance, recent research from McAfee that found 144 apps in the Google Play store that had secretly contained a malware called Grabos. The virus was masked innocuously as an audio player within each app, and was only discovered after more than 17 million downloads.

But it's not just a threat of malware that should have network teams on the lookout for Shadow IT. When rogue applications are rampant on the network, it could be a response to dissatisfaction with the existing policies and approved apps that teams use to complete their work. If employees are driven to take matters into their own hands by resorting to Shadow IT, then network teams may need to rethink their approach.

To get a handle on how teams can shine a light on Shadow IT and address it appropriately, teams need to take the following steps:

1. Gain a sense of the company's complete app landscape. When network teams don't have visibility into all apps leveraging total network capacity, it not only leaves IT blind to potentially malicious applications in use: Teams will also lack visibility into how non-critical apps are impacting the performance of important ones. Even if it's a matter of employees using alternative solutions to get the job done, understanding employee habits versus what's prescribed by the company policy can help IT rethink how they allocate network capacity.
2. Baseline performance and explore other solutions. After successfully gaining a grasp on the company's app landscape, IT should use this knowledge to explore what solutions/policies have been working while highlighting areas for improvement. If a team abandons one collaboration tool for another, for instance, IT should evaluate if it was simply a matter of UX preference, or if it was actually a performance issue that IT could remedy to help get all users back on the same page. Similarly, if Shadow IT has unearthed a more attractive new solution (more cost-effective, for instance, or it delivers better UX while needing less bandwidth) it might be time for IT to make a switch.
3. Use newly-gained visibility to help enforce new policies. It's all really simple, at the end of the day: Enterprise IT needs a comprehensive view of the network and visibility across the board to be effective at any part of their job. This doesn't necessarily mean dedicating manpower specifically to policing end users and holding them to task. Instead, teams need to employ lightweight -- that is, low bandwidth and easy to control -- solutions that can deliver real-time insights from a single pane of glass.
   

With continued, active visibility, IT will know whenever rogue apps pop up on the network and who to ping about it. But rather than taking a policing approach, IT should use this as an opportunity to build a bridge between departments that turned to Shadow IT in the first place, recommending new tools or proactively assisting when performance laps.

##

About the Author

 

Paul Davenport is the Content Marketing Manager for AppNeta. Paul has an extensive background in the B2B tech space leading content creation and public relations. He studied Print & Multimedia Journalism at Emerson College.