After ages of struggling to get VPNs to reach work resources remotely, none of us could have dreamt of the sheer simplicity cloud applications are offering us right now. If you’d been told a few years back that a single click could log you into your work network from your home, you’d have laughed at the idea. Now that dream of remote connection is a reality for users, but it’s on the verge of becoming a nightmare for many IT admins.

What is shadow IT?

The cloud offers solutions for every need users have. Applications are available readily on the cloud and employees use them to get their work done more efficiently. Shadow IT is when these applications aren’t IT approved or IT admins are unaware of their use.

With no visibility into which applications are being used by whom and for what purposes, IT admins are forced to grapple in the dark, trying in vain to control costs and ensure data security. IT teams generally incorporate a meticulous procedure of application evaluation in a test environment before authorizing any application. They do this to avoid security breaches and eliminate any possibility of an application being incompatible with the organization’s current setup.

Engaging in shadow IT is fairly straight-forward, but has far-reaching consequences. As easy as users find it to bypass the IT team’s approval, they fail to scrutinize the reliability of the applications they choose. With not so much as a second thought, users enter vital enterprise data into unauthorized cloud services, leaving data security a gamble. Gartner predicts that by 2020, one-third of successful attacks against enterprises will be on their shadow IT resources.

What can IT admins do to address shadow IT?

The rise of shadow IT is primarily due to the slow adoption of cloud applications across organizations. Users often opt for shadow IT since it bypasses the slow and tedious process of waiting for authorization from admins. To battle shadow IT, IT admins need two things: visibility and control.

Visibility into which applications are being used by end users will provide insights on end users’ immediate requirements. IT admins can evaluate each product to check for reliability and security. If an admin evaluates an application and finds it safe for use, they should authorize its use for end users. IT admins can blacklist applications found to be unsafe, block their usage, and find an alternative application which would achieve the same functionality without compromising security.

ManageEngine Browser Security Plus is a tool that IT admins can use to obtain visibility on what applications are being used in their networks and also to allow or deny access to specific web applications. This will not only help IT admins keep costs in check but also ensures security without compromising on user productivity.


Product Consultant