BYOD, BYOA, BYOx. The IT industry is full of acronyms depicting its constant evolution and relationship with the professional world. First came the devices; employees saw the power of personal devices and insisted on using them in the workplace. And so the consumerisation of IT was born.
After the devices came the apps. Companies reported greater productivity and higher employee satisfaction at enabling Bring-Your-Own-Device policies, but attention then turned to the applications being used. And IT executives were left wondering whether they would face a similar ‘revolution’ to the one that followed BYOD – the ‘Bring-Your-Own-Apps’ trend where employees choose the virtual tools needed to empower their devices and facilitate jobs. Recent research we conducted alongside Frost & Sullivan’s Stratecast proves that the app revolution is already here, but with some slightly insidious repercussions – ‘Shadow IT.’
Our global study, which questioned IT and enterprise decision-makers, aimed to uncover the extent and risks of unauthorised Software-as-a-Service (SaaS) applications. It found that more than 80 per cent of employees use non-approved SaaS applications in their jobs, with IT employees actually using a higher number than other company employees.
These SaaS applications are also referred to as ‘Shadow IT’, a term which broadly describes the use of technology solutions within an enterprise that have not been approved by the IT department or adhere to policies. Why is this happening? Low-cost, ease of access and ease of maintenance are factors, as is the cloud, which acts as a vehicle for employees to acquire and deploy these applications without involving anyone else. This ‘self-serve’ behaviour puts business at risk; in most cases, IT departments and security professionals are unaware of the extent of ‘Shadow IT’ and consequently are underprepared.
The current state and prevalence of ‘Shadow IT’ presents a great opportunity for resellers looking to engage with the many businesses struggling to understand their sprawling software use and the security implications of this. Deploying SaaS apps without the appropriate technical knowledge means corporate standards for data protection and encryption may be unknowingly neglected. This is particularly important for businesses managing sensitive customer or third-party data. Resellers should recognise the much needed help and guidance businesses need to ensure systems are in place to mitigate against the associated risks that deploying non-approved applications have within business. Although employees’ intentions aren’t malicious and are indicative of a workforce trying to be productive in a hyper-competitive market, the use of ‘Shadow IT’ within business can have severe repercussions on security and compliance.
The study highlighted a lack of understanding on the part of the employee, and lack of awareness and readiness on the part of the businesses that pressingly need to be addressed. Similarly with BYOD, the answer is not preventing employees from using these apps — it’s about striking the right balance between flexibility and control.
The channel can and should work with IT and business leaders to create and support policies that enable employees to use the apps they need while still minimising corporate risk. These policies should be built around security solutions that provide employees with secure access to a broad range of recognised SaaS options. The ability to control app usage – for example allowing users to access Facebook but restricting the ‘chat’ function or automatically encrypting files before they are uploaded to a file-sharing site – is also key. Tools like McAfee Web Gateway can track web traffic and automatically provide proactive protection against malware, as well as block undesirable URLs, prevent outbound data loss and enforce acceptable usage policies.
The right security solution, together with education, policy control and consistent communication with employees can make the difference between a business that is agile, innovative and competitive or closed and removed from the opportunities around them. The channel has a crucial role in helping enterprises to shine a light on this new behaviour and ensure that when it comes to the competition, they aren’t left behind.