Shadow IT: What benefits for what risks?
Are you lost when faced with the multitude of SaaS tools available in your company and have no visibility into the applications available? It is not uncommon for a large part of the SaaS ecosystem to be hidden and unknown, even to the Information Systems Department.
The result is a swarm of SaaS applications, sometimes redundant but mostly invisible to other departments in the company, especially to the IT department, who is in charge of centralizing all this information. According to a Gartner study, this concerns 30% of a company's SaaS ecosystem.
This phenomenon is double-edged; while it allows for efficiency gains, it can also harm the security of information systems and lead to financial losses. An overview of the benefits and risks of Shadow IT.
Benefits of Shadow IT
More Employee Autonomy and Engagement
According to an Entrust Datacard study, 40% of employees report using a new SaaS application without seeking approval from their CIO. They believe that having the freedom to choose the SaaS applications they use on a daily basis increases their engagement with the company. This is not surprising, as employees feel empowered and therefore more engaged and satisfied in their work. By choosing their own SaaS tools, they will be all the more committed to making good use of them, which leads us to the second benefit of shadow IT: productivity gains.
Getting approval from IT can take time that employees can't afford to waste. This is a real freedom of expression that can lead to an increase in productivity and therefore performance.
Allowing the different departments of an organization to choose the most appropriate tool for their activities can lead in the end to an optimal use of this tool and thus to a gain in productivity. This is one of the advantages of the ever-increasing accessibility of SaaS applications and the fact that they can be selected directly. In this way, the various business units can optimize their working time, on tasks with greater added value. Thus, the multiplication of SaaS applications can also be seen as a way of enhancing innovation.
While its advantages are certain, we must not forget the flaws of shadow IT, which can tip the balance and make it a burden for the smooth running of the company.
The risks of shadow IT
Greater exposure to security breaches
Shadow IT means a lack of control by the IT department over the applications that enter your company's SaaS ecosystem. One of the key roles of the IT department is to ensure the security of the company's information system and the data on it, to ensure that no breaches occur and no information is leaked.
Only 25% of employees are aware of the security holes that can be created by using SaaS applications that are not supervised by the IT department. Moreover, it is not uncommon for data to be lost, but above all for the use of certain tools to result in non-compliance with regulations, particularly with regard to the protection of personal data. Since shadow IT is, by definition, "hidden", it appears very difficult, if not impossible, for legal and technical teams to ensure their regularity.
However, this threat does not seem to be strong enough to counteract the fact that one of the benefits of shadow IT is to gain agility.
When SaaS purchasing bypasses the IT department, the result is often a multitude of duplicate subscriptions, functional redundancy within the SaaS ecosystem and reduced usage due to more or less hazardous investments.
This represents a significant financial loss since many of these applications are used for a single project and then fall into SaaS limbo, with the operating contract fees for them being wrongly or otherwise always paid by the company.
Finally, keeping track of this entire ecosystem of applications on a spreadsheet is very time-consuming and, above all, unfruitful.
SaaS Management at the heart of Shadow IT control
The use of SaaS is booming and companies are using more and more applications. They need to equip themselves to automate inventory entry and so to control this plague while remaining focused on what is most essential to their business.
These negative effects are not unavoidable. It's all about control and organization. SaaS Management tools exist to allow you to easily supervise all the applications present in your company's SaaS ecosystem. How to proceed?
Four steps to better control your shadow IT:
Discover: first, sort through your applications, identifying underused applications, redundant usage and tools that would not be compliant with regulations.
Secure: then, set clear security criteria that must be met by any employee who decides to subscribe to any SaaS application. It is indeed important to implement processes upstream to avoid that some non-compliant tools slip through the cracks and represent a risk for your organization.
Optimize: Finally, adopt a SaaS Management tool that will allow you to have a global vision of your entire ecosystem. As soon as an application enters your application portfolio, it will be visible on this tool, which acts as a true showcase for the entire ecosystem, with its main characteristics such as its purpose, the duration and renewal mode of the contract attached to it, the number of licenses and their costs, as well as the validation of its compliance.
Navigate: Although this type of tool can be your real partner during the rationalization phase, it remains useful to permanently control that shadow IT does not reappear.
Finally, SaaS management is an important security solution for the IT department, allowing it to supervise its shadow IT while keeping an informed eye on all its investments.