Some of the most controversial issues coming out of Washington D.C. in the past few years have been IT issues as much as political issues. When the headlines say, “Hillary Clinton Used Personal Email Account at State Dept., Possibly Breaking Rules,” or “Vice President Pence used personal email for state business — and was hacked,” the underlying issue is something that affects every business or organization in the world — shadow IT.
The problem is the role of “shadow IT” in the modern business world. Google’s Gmail now has more than 1 billion active users, most of which are personal email accounts. In addition, modern workers can use any of thousands of free or cloud-based applications to do their work and will often use them without the knowledge of their IT department. The fact is that this is a world-wide phenomenon. If it helps get the job done, people will always manage to find a way to go around IT restrictions.
We Have A Shadow IT Problem
The fact is that executives and employees will use whatever technology is available; some will use it for efficiency, or competence, while some may use it to avoid public disclosure. In addition, Bring Your Own Device (BYOD) policies allow employees to use their personal devices for work, but also make it nearly impossible for IT departments to control what workers do with those devices. It’s up to your Chief Technology Officer (CTO), IT Department, or IT service provider to find ways to highlight this shadow IT issue and to recommend ways of dealing with it as part of an information governance framework to ensure that you can comply with any legal and regulatory requirements.
The risk of failure can put an organization in serious legal jeopardy if it’s faced with a lawsuit or regulatory request. Executives or employees who are found to use non-sanctioned software or have destroyed or deleted messages outside of the IT department’s purview can result in sanctions, fines, or other penalties to your company. The challenge is compounded when employees use encrypted apps like Signal or self-destructing apps like Confide. Those services might seem like a good way to communicate sensitive issues with clients or colleagues, but they create a risk that records will not be preserved in accordance with federal law. The issue is not necessarily in using these applications, but the compliance concerns that arise when users don’t copy or transfer business records to a company-sanctioned backup or storage system.
What the Shadow Knows
If Shadow IT sounds like an impossible problem to resolve, know that there are strategies for controlling and containing the practice. Here are our best practices and recommendations that we share with clients who are worried about the issue:
Best Practices in Confronting the Reality of Shadow IT
1. Develop an understanding of what your employees need to be efficient and effective in their roles. Seek out technology solutions that will provide the tools needed reducing the need for ShadowIT.
2. Develop a robust information governance policy that covers the emergence of shadow IT in the workplace.
3. Educate employees about the dos and don’ts of using personal devices for work.
4. Employ IT solutions to protect information.
5. If your organization is subject to records requests or may face litigation, make it easy for staff to copy or forward messages to official recordkeeping systems.
6. Don’t allow the use of self-destructing messages or apps like Signal, Confide, WhatsApp, or Snapchat for work.
We understand that technology can either be a blessing or a burden, depending on how it’s used. Many IT departments are overwhelmed with the increasing demands of an ever-changing technology landscape and can benefit from the help that a Managed IT service and dedicated Virtual Chief Information Officer (vCIO) can bring to their organizations.
We’ve outlined the top six benefits of a vCIO in our infographic below, so be sure to check it out. Then, reach out to discuss your technology challenges and to see if enlisting the help of a vCIO as part of a Managed IT solution is right for your business.