Many managers outside of the IT department find themselves empowered to make technology buying decisions without first understanding security, compliance, and governance considerations. The resulting Shadow IT can lead to the following big problems for the CIO:
- The company’s data is insecure as it is distributed over too many sites
- Application Portfolio Management (APM) is impossible
- Identity and credentials cannot be systematically managed
- Integration or even alignment of processes is needlessly complex
Some companies deploy SharePoint to prevent this Shadow IT by addressing many of the legitimate business needs that drive users to adopt these unsanctioned systems. SharePoint solves business problems for users while maintaining the security and IT management standards their business requires.
SharePoint Can Be a solution
meets both the end user need for “App” style problem solving and IT governance best practices. Its security and permission features, eDiscovery, ability to integrate, and extensibility make it an enterprise ready IT system. SharePoint also has an answer to many of the needs and products that end users may seek out.
Nearly everyone uses some of the consumer grade tools listed below. They work well for personal content, but in a business setting, they are Shadow IT. SharePoint has analogous functionality for all of these tools and can be used to head off the need to employ them.
Dropbox and Box.com
File storage and sharing sites like Dropbox and Box.com make a user's files available on any device with a browser or app. These systems are ideal for personal files that need to be shared or accessed on several computers.
For business, they pose some problems. The consumer versions of these products do not have solutions for controlling who can access what information, constraining access from former employees, and eDiscovery and legal hold requirements
SharePoint goes toe to toe with these file storage and sharing products through its OneDrive
for Business offering, having all of the features end users love and the control IT needs.
Google Docs / Forms / Calendars
Most everyone uses the Google productivity tools in their personal lives. Google is mobile friendly, supports simultaneous editing, offers version controls, and makes sharing simple. Unfortunately, it also creates some headaches for IT.
Personal Google accounts cannot be centrally managed or controlled. Accidentally sharing confidential information with the wrong person is as easy as a mistyped email address. Former employees could end up having access to confidential information for years before anyone notices. Critical information could even be made public and searchable online.
SharePoint document libraries, calendars, and other basic intranet tools offer more robust collaboration, simultaneous editing, a variety of sharing options, and mobile access. The content is also manageable and controllable in keeping with IT best practices. Data loss prevention and right management are game changers in controlling corporate information.
Project Management Tools
There are literally hundreds of SaaS project management tools easily available to anyone with p-card. These tools are often free to start using and simple to adopt.
The trouble is, they also are an information silo. Besides the identity and security problems mentioned above, getting information into or out of these systems may be entirely impossible.
SharePoint works very well as a light project management tool. Especially for projects that require a lot of collaboration. For projects that lack the complexity that justifies full Microsoft Project
, SharePoint is a great fit.
SharePoint Solves Shadow IT
Once users are made aware of the variety of problems they can solve with SharePoint, they often decide that buying, deploying, training, and adopting a system outside of the sanctioned IT ecosystem poses too many risks, is too costly, and simply doesn’t make sense.
Of course, poor Microsoft SharePoint deployments can actually increase security risks, as it is another avenue through which information can pass outside of the company. Governance, Data Loss Prevention, Rights Management, and training are critical to enabling end users without exposing the company to phishing or other malicious behavior.
At Long View, we start our engagement process with security and governance in mind. We guide clients through the process of:
1) Envisioning how technology can help their businesses;
2) Minimizing risks;
3) Deployment; and
4) Management and ongoing maintenance.
Please contact us to talk about minimizing shadow IT in a compliant and secure way.