Shedding light on shadow IT: Yes, it’s a problem — except when it’s not

Shadow IT is viewed by many businesses as a problem because it indicates a loss of control over what technologies users have access to. But is this always a bad thing? The answer of course is, it depends. Why? Because the problem is not only one that’s complex and has many facets you need to understand, but also because the phenomenon of shadow IT extends beyond the boundaries of your company to your vendors, partners, and customers. So complex and difficult is the subject of shadow IT that we’ve discussed it a number of times in our WServerNews newsletter (see here and here for example) and recently also in several articles on our TechGenix website (for example this one and this one). But a technology or process that is viewed by some as a blessing and others as a curse is always worth revisiting because, well, times change. So to stay abreast of what the fundamental issues are with shadow IT today I spoke recently with Tyler Koblasa, the CEO of CloudApp, a company in the San Francisco Bay Area that offers an easy-to-use screen recorder that brings video, webcam, screenshot annotation, and GIF creation securely to the cloud so companies can capture, share, and accelerate their business communications. Tyler has been an entrepreneur since 1996 when he was an avid user of telnet, lynx, and gopher. He also previously founded and secured venture financing for Mingly, which was named a top 100 company for 2012 by Entrepreneur Magazine. You can learn more about Tyler from his LinkedIn profile.

MITCH: Tyler, how big a problem is shadow IT with the companies you’ve talked to?

TYLER: Cisco’s Shadow IT report highlights that while most CIOs believe their employees are using at most 50 apps, the data shows that there are at least 700+ apps being used across an average enterprise organization. Many organizations we’ve talked to are vastly underestimating the pervasiveness of shadow IT in their organizations.

MITCH: Is it a bigger problem with large enterprises or with small businesses? Are the kinds of problems the same or different for businesses of different sizes?

TYLER: It would be considered a “problem” in large enterprises and most likely a “feature” of small businesses. In many cases, the advantage of a small business is that you can bring your own device to work, sign up for the tools and services that will help you get your work done efficiently, and call it a day. For enterprises, there’s much more at stake, but they also have the resources to better maintain their security.

MITCH: What are the main types of cloud-based apps and services that employees tend to use to try and do an “end run” around the controls that the company’s IT staff have put in place?

TYLER: There are three main kinds of cloud-based apps and services that employees tend to use in their company to do an “end run” around company controls. These include content creation tools, like Google Docs, Quip, Box, and Dropbox Paper; video conferencing tools like Zoom, UberConference, and Joinme; and task management, like Trello.

MITCH: What sort of reasons are motivating users to do this kind of an end-run around IT?

While shadow IT often has a negative connotation for cybersecurity reasons, forward-thinking IT teams shouldn’t be afraid of using this strategy to identify potential products and solutions for their teams.

TYLER: There seem to be two objectives when implementing end-run applications. First, employees want to be more productive and efficient through apps they can access anywhere. Second, users want apps that maintain a “consumer” feel to them. In a world of Snapchat and Instagram, apps like Atlassian JIRA, ServiceNow, and Outlook can feel antiquated, boring, and almost off-step for where the world is going. When you’re young, enthusiastic, and ready to make a big difference in your workplace, apps that feel visually old and slow are not going to appeal to you.

MITCH: Are the third-party providers of such cloud-based collaboration tools in any way to blame for the shadow IT phenomenon? Are they complicit in why shadow IT happens so frequently in businesses?

TYLER: Cloud-based apps like Dropbox, Box, Trello, and CloudApp are direct results of the rise of shadow IT in companies. These kinds of tools have business models based on the idea that an employee can choose the product, tool, or service that they feel fits their requirements best. While shadow IT often has a negative connotation for cybersecurity reasons, forward-thinking IT teams shouldn’t be afraid of using this strategy to identify potential products and solutions for their teams. One of the most difficult tasks of an IT team is trying to identify the right tools for their company. By leaning into shadow IT on a small scale, while still taking the necessary cybersecurity steps, teams may be able to better uncover products in which to invest on a larger scale.

MITCH: What can providers of cloud-based collaboration tools do to help companies whose employees are using their services to get control over what’s happening and not let things get out of hand?

TYLER: One of the biggest concerns with shadow IT is the level of control the tool gives users with regards to access and data storage. Google, Okta, and OneLogin allow users to securely authenticate services and solutions and increase the feeling of control for users. If all B2B software providers worked to prioritize these concerns when developing their products, many of the potential consequences of widespread and unchecked shadow IT could be minimized.

MITCH: What has CloudApp in particular done in this area to help ensure that enterprises whose employees use their tools (either clandestinely or with the company’s blessing) stay secure and not become vulnerable to attack if the devices used by employees don’t abide by the company’s security standards?

As business leaders, we should create a culture that encourages our employees to safely explore new tools and services, including guidelines for ensuring proper cybersecurity protections are implemented

TYLER: In addition to working with our clients to address their unique needs, we also support single sign-on (SSO) features and encryption of data at rest and in transit. This is to ensure that any enterprise using our tools retains control over their usage, even if they are not mandated or officially supported

MITCH: Anything else you’d like to add about shadow IT and how businesses can keep a lid on it and prevent things from getting out of hand?

TYLER: As business leaders, we should create a culture that encourages our employees to safely explore new tools and services, including guidelines for ensuring proper cybersecurity protections are implemented. Our employees do the heavy lifting of identifying and evaluating new tools and technologies for the company, so we should provide them with a secure way to do that. If we encourage our employees to bring their suggestions to us and present them as possible alternatives or better solutions, then everybody is benefitted.

MITCH: Tyler thanks very much for giving us some of your valuable time.

TYLER: You’re welcome.

Featured image: Pexels

Leave a Comment

Your email address will not be published.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top