You may be reading this now because you’re ready to tackle shadow IT before it becomes worse. You know about it and need to do something, or you risk looking negligent.
Acting alone, you may not be able to prioritize shadow IT. But working together with the relevant stakeholders and educating the right people can get you far.
Educate, Educate, Educate: Give Form To Nebulous Shadow IT
People like to fix what they can see. And shadow IT, by definition, is difficult to see. How can you convince others to prioritize tackling this ambiguous problem?
Consider putting this in hardware terms. If you found that your company had dozens, hundreds, or thousands of unknown PCs connected to data in your network, would that be a low-priority issue or an emergency? Well, instead of PCs owned by employees, they’re servers owned by other companies.
The more people that share or have access to data, the more likely a breach will occur at some point.
4 out of 5 of data breaches are caused by human error and the average data breach costs nearly $4M. Now think of how costly shadow IT could be, given how wide it has spread:
Cisco reported that large enterprises use over 1,200 cloud services on average, and fewer than 50 of those cloud services are known by IT.
CIOs guessed that, on average, their companies have 51 cloud services, but actually had 15-22 times that amount.
Gartner found that shadow IT is 30-40% of IT spend; Everest group says it’s 50% or more.
So in the dozens, hundreds, or thousands of shadow software applications being used, how many could contain sensitive data? One is too many.
Enlist Other Departments Or People
Other people or departments may have some interest in curtailing shadow IT. Consider speaking with them and getting their support before starting an initiative:
Finance – The financial impact of data breaches should have the eye of any financial planning professional with concerns about liability.
Procurement – People that need to purchase software solutions for others would want to know what software people are using and why, especially if people bypass procurement’s well-negotiated enterprise solutions.
Compliance – It’s someone’s job to conduct audits and ensure company compliance with regulations. They can only audit what they know about.
Security – Like with compliance, there are likely people that want or need to know where data exists so that steps can be taken to ensure it’s secure.
Once you gather some allies, it’s important to have a plan and recommendations.
Know What You Want In A Shadow IT Cleanup Project
Any effective project to manage cloud applications should have at least three goals, increasing in complexity:
1. Discovery and Visibility – See the software people use and who those people are.
2. Cost Management – Document the costs associated with the users and licenses discovered.
3. Governance – Use newfound information to take action.
Alpin gives you the tools to automate discovery, cost management, and governance. Try Alpin with a couple clicks if you’re interested. Or you could take the manual approach:
1. Meet with all departments and inventory every single app in use.
2. Store what you find in an organized manner- here’s a spreadsheet template you can use!
3. Maintain the list.
However, there are a few things you may miss out on if you go the spreadsheet route:
Automation – Is managing SaaS really worth a big chunk of a skilled employee’s expensive time? Alpin discovers your cloud app ecosystem in seconds, not hours or days.
App Utilization – Would it help if you could see, automatically, if people have logged in to an app recently? When you hear “my team loves this, we need it!” you don’t have to completely take their word for it if you have utilization data.
Activity – Alpin shows what users are doing with some apps. For example, you can see who is publicly sharing sensitive files or folders.
Looking to try out a SaaS management app? Well, you can sign up right now and try Alpin at no cost. If you’re still learning, check out our ebooks on cutting SaaS costs or dealing with Shadow IT. You’ll learn a lot more about what Alpin can do.
Want to talk more? Contact firstname.lastname@example.org or stay in touch by subscribing to our weekly roundup – which includes news, useful tips about SaaS apps, and our latest blog posts.