A recent study shows that despite efforts by business leaders to encourage the use of enterprise applications, rogue IT practices are still alive and well in the workplace.
According to McAfee, over 80 percent of survey respondents admitted to using unapproved applications for work purposes. The study also found - somewhat surprisingly - that these practices are gaining traction with IT teams as well as workers in other non-technological departments. Researchers found that 81 percent of typical business users leverage an unapproved program, but 83 percent of IT staff members take part in rogue IT.
This finding is particularly worrisome, as if anyone should understand the dangers of shadow IT activities, it should be the individuals in the IT team. If these employees are supporting rogue programs, it signals a time for change.
"There are risks associated with non-sanctioned SaaS subscriptions infiltrating the corporation, particularly related to security, compliance, and availability," noted Stratecast Cloud Computing program director Lynda Stadtmueller.
However, these practices can become even more damaging when employees with little technological experience are taking part in them.
"Without appropriate knowledge, non-technical employees may choose SaaS providers or configurations that do not measure up to corporate standards for data protection and encryption," Stadtmueller said. "They may not realize that use of such applications may violate regulations concerning handling and storage of private customer data, leaving the company liable for breaches."
How to fight shadow IT: Educating employees, providing usable approved applications
One way to fight off the dangers of rogue IT practices is to educate employees about the issues such activities can cause. Administrators should explain the importance of keeping sensitive information protected, hammering home the point that unapproved applications do not have the proper security configurations to achieve this.
Foxtail Marketing CEO Mike Templeman also suggested looking into the unapproved programs workers are using and allowing them to explain why they decided to use these apps in the first place.
"By making space for communication to be open and honest between the IT department and frontline staff, loopholes and security issues can be pointed out much more quickly instead of being hidden in order to preserve the exploit," Templeman wrote.
Furthermore, this information can also help guide the development of approved apps that employees will actually use. Decision-makers should ask about the features and capabilities staff members enjoy about their consumer-level programs and pass this information onto developers. This way, app creators can leverage component suites and HTML5 widgets that mimic the abilities offered by rogue apps.