Reducing Shadow IT with Smart Document-Sharing Policies

Shadow IT refers to the practice of circumventing an organization’s technology-related policies and using tools or techniques that have not been approved for use. This usually involves an end user who chooses to secretly deploy or use an IT resource that is either unapproved or that has been strictly forbidden.

While shadow IT use can sometimes be attributed to malicious intent, that tends to be the exception rather than the rule. More often, shadow IT is a symptom of an unmet need. Users may feel that they lack the resources that they need in order to do their job, so they set out to procure those resources through unofficial channels. In other cases, a user may have everything that they need but knows their job would be easier if they had access to different technologies.

Whatever the reason, shadow IT can be a huge problem. It isn’t so much that the user has had the audacity to defy the IT department, but rather that the user may be putting the organization at risk by doing so. In the case of a user who adopts an unsanctioned document-sharing platform, for example, the user may unknowingly introduce data security risks and compliance violations, among other problems. Clearly, shadow IT can be a huge problem.

Interestingly, shadow IT is one of those problems that has existed in various forms for decades. As an example, when Wi-Fi first became a mainstream technology in the 1990s, many organizations banned Wi-Fi use because of security concerns. However, many company users were known to be purchasing their own Wi-Fi routers and using them in defiance of the IT department’s ban. All of this is to say that shadow IT takes on many different forms, it has been around seemingly forever and it doesn’t seem to be going away any time soon.

The good news is that because shadow IT has been around for so long, there have been plenty of studies on the most effective techniques for reigning in shadow IT. The general consensus seems to be that you can’t prevent shadow IT by blocking its use or by threatening to punish those who engage in the practice. Users always seem to find a way around these obstacles.

Provide Better Alternatives

The best way to reduce shadow IT is to provide the users with technology that addresses the unmet need that drove them to use shadow IT in the first place. As an example, you may be able to get users to stop using consumer document-sharing platforms if you provide them with an officially sanctioned platform that is known to be secure and compliant, but that is also easy to use and provides the capabilities that your users want. However, providing a compelling alternative alone might not always be enough.

Suppose for a moment that a user has engaged in shadow IT and adopted a particular technology. Now, imagine that the organization provides access to a new technology that is meant to act as a more user-friendly alternative to whatever it was that the organization had been using. In this example, what incentive is there for the user to give up on shadow IT and begin using whatever it was that the organization made available to them?

In all likelihood, the user probably is not going to abandon the shadow IT tool that they had been using. For the user, there is a level of comfort associated with using the tool. Even if the new tool that the company is providing access to is every bit as good as the user’s preferred tool, the user may continue engaging in shadow IT, just to avoid having to endure the learning curve associated with the new tool.

Use Training

This is where training comes into play. You can use training not only to familiarize the user with the tool, but you can also use it as an opportunity to clarify the company’s stance on employee use of approved platforms. Keep in mind, though, that your policies will only work if employees understand why those policies exist. Therefore, it’s important to communicate which tools are approved for use and why.

Of course, this doesn’t simply mean that you should make your case against the use of shadow IT and hope that your users go along with it. Shadow IT will only stop when the secure, corporate-approved tool or platform is also the easy and convenient option.

Make Shadow IT More Troublesome to Use

That being the case, one of the strategies that some organizations use is to make using shadow IT more trouble than it’s worth. So what are some things that you can do to make your authorized document-sharing platform more attractive to end users, while also making shadow IT less attractive?

As previously noted, users probably aren’t going to go along with IT’s requirements unless the secure option is also the easy option. Therefore, look for ways to make your organization’s document sharing platform the easy choice. For example, you might use SSO as a way of giving users frictionless access to the company’s document-sharing platform from their work account.

Another thing that you could do is to look for ways to integrate your document-sharing platform into applications that users work in all the time. Suppose for a moment that your users spend a lot of time in Microsoft Teams. If you integrate your document-sharing platform into Teams, then user’s files will be readily accessible without leaving the Teams application. The same cannot be said of the unsanctioned platform.

Another step that you could take is to implement automated document lifecycle policies that either delete or archive aging documents. By doing so, you are cutting through the clutter, making it easier for users to find exactly the documents that they are looking for.

These policies should collectively increase the odds of your users adopting your organization’s document-sharing platform as opposed to the users going rogue. However, there is one more thing that you might be able to do. The user’s covert document-sharing platform will be of no use to them unless they can actually use it to share data with one another. In order to do so, the users will have to transfer data from the sanctioned document-sharing platform to the unauthorized platform. That being the case, you could configure your data loss prevention solution to help detect and block these types of unauthorized data transfer requests.

Wrap-up

Implementing smart document sharing policies can help reduce the risks associated with shadow IT. By establishing clear guidelines and leveraging advanced security features, organizations can better manage sensitive information while enhancing collaboration and productivity.

Related read: What is poor document management costing you?