Shadow IT has plagued organizations for years, but the pandemic—and the rise of remote and hybrid workforces—has only exacerbated this issue.
With 77 percent of organizations adopting a hybrid work model, a large portion of employees will likely continue to operate outside the bounds of IT. Even before the start of the pandemic, Gartner predicted that about one-third of successful enterprise security breaches would be on data located in shadow IT resources.
The line is now blurred between ‘personal’ and ‘business’ devices, services and apps. Employees no longer go into the office to host a video conference, give a presentation or collaborate on a project. They can do that from the convenience of home (or on the road) with a smartphone. And sometimes, they’re doing that from unauthorized devices, software services or applications, which bypass policies set by IT and pose security risks.
But it’s not only an issue with remote employees. The use of shadow IT is expected to accelerate as line-of-business managers make choices to deploy cloud-based applications outside of IT processes and procurement. It’s not that managers and their teams have bad intentions; they’re simply looking to create and collaborate with tools they’re familiar with—especially if they’re dissatisfied with the tools officially sanctioned by IT.
Why blocking unauthorized apps doesn’t work
On one hand, shadow IT can encourage collaboration and boost productivity. On the other hand, it creates security, privacy and compliance risks, from malware infections to data theft. That means organizations need to gain a true understanding of which devices, software and applications their employees are actually using to better assess their security gaps.
But simply blocking employees from using unauthorized consumer apps doesn’t tend to go over well—and they might just look for another unauthorized app to do the same job. A better approach is to educate users about the risks of shadow IT while providing them with a better set of tools—ones that can be securely managed.
The best way to stop unwanted behavior? Give users what they want.
Google Workspace, for example, provides users with a complete set of business-grade tools: Google Drive for file storage and sharing, Google Meet for video meetings and Google Chat for messaging, as well as Docs, Sheets and Slides. And for IT managers, it offers robust, secure infrastructure.
Google has also invested in ‘conversion fidelity,’ which means Google Workspace users can collaborate with anyone using legacy files in Office formats, without any format conversions. Employees can view and edit Office files right in Workspace, without the need to install Office. That means IT admins can better manage shadow IT by allowing employees to safely access the right data and applications from any device.
Step up your Workspace security posture with Pythian
To truly take advantage of this robust, secure infrastructure, you may need strategic guidance on how to best manage your Workspace environment, especially for remote or hybrid workforces. Many IT managers don’t have the direct experience or time required to do this, and they may not be getting any help from their licensed reseller.
Pythian can help you get the most out of Google Workspace with our Managed Google Workspace Administration service, which provides best practices, support, training and more. Our team of Google Solution Experts can also provide a fixed-fee Google Workspace Security Assessment of your current configuration and security settings, offering remediation, improvements and recommendations and implementation to boost security.
So if your organization is struggling to get a grip on shadow IT, the inherent security features in Workspace combined with Pythian’s extensive experience in data security may be the answer you’re looking for.
Already have Google Workspace and looking to get more out of it? Download our Google Workspace IT Managers guide today, or schedule time with one of our Google Workspace and security experts to discuss your needs.