Anybody can download and install an application with a few clicks. Software vendors go out of their way to make it easy to use their apps. People download whatever they want on their personal computers, smartphones and tablets without approval of or assistance from an IT person.
Today, people are empowered to take the same do-it-yourself approach in the workplace, including higher education. For example, a professor might find a free application that makes it easier to share content and assignments with students. A faculty member might have been referred to an app for monitoring student performance. They can simply download the app and configure it to suit their purposes without going through IT.
Everyone’s happy, right? Not necessarily.
Shadow IT is the usage of hardware or software without the knowledge or approval of the IT department. Traditionally, shadow IT occurred when an employee wanted to use a certain kind of technology but didn’t want to go through the often long and tedious process of having that technology approved and then managed by IT. However, the cloud has expanded access to more tools and services, making it easy for today’s tech-savvy users to find and deploy the apps they want on their own devices.
Shadow IT may seem like a simple, convenient solution to a problem, but it can create more problems than it solves. Shadow IT creates security risks because these apps can’t be secured in the same way that supported, authorized apps are secured. Applications used without IT knowledge can use up network bandwidth and throw a monkey wrench into application protocols. Also, many consumer-grade applications don’t meet minimum requirements for regulatory compliance.
The gut reaction is often to crack down on shadow IT and make it more difficult to download apps. That could mean tough restrictions on devices and blocking a number of apps and websites. However, such an approach isn’t practical, especially in higher education where potentially thousands of new devices and applications enter a school’s IT environment each year with the incoming freshman class. This approach also fails to recognize the needs of the end-user.
Instead, colleges and universities should address the issues that cause shadow IT in the first place. Look for ways to reduce the time required for evaluation, provisioning and deployment. Instead of leaving it to IT to determine if a request is a high priority, make sure all relevant departments have a seat at the table when making decisions about new technologies. Encourage communication and help end-users select, consolidate and manage technology. Educate faculty, staff and students about the risk of shadow IT, provide a list of approved applications, and enforce institutional policies when security and compliance are threatened. Establish an IT culture that balances responsibility and flexibility.
The risks are very real but, in some ways, higher education IT departments can benefit from shadow IT. Shadow IT tools may work better than those approved by IT. Listen to the people in the trenches. By looking for ways to allow these apps instead of simply banning them, IT gains the trust of users and contributes to their productivity. This also allows IT to test new applications with a small group of users before widespread rollout.
Shadow IT can be dangerous, but it can also be an opportunity. College and university IT departments would be well served to address the causes, not the symptoms. Communicate with faculty and students, and instead of imposing restrictions, focus on improving productivity and the user experience.