Shadow IT has been an issue for corporates ever since IT first came out of the cabinet and into the hands of the user. Covid-19, ensuing lockdowns, remote working and the shift in the fundamental way that we live and work has led to a tangible rise in shadow IT across all sectors.
Not just employees
Shadow IT is when an individual or team set up a software or service without the approval of the organization. Research from the Everest Group pre-Covid indicated that shadow IT comprised 50% or more of IT spending in large corporates. In fact it is estimated that up to 71% of employees use applications that are not IT approved. This accelerated and increased since the events of 2020. Core found Shadow IT exploded by 59% due to Covid-19.
Even enterprises themselves took a “act now, solve issues later” approach to non-sanctioned shadow applications and cloud solutions. They too either deployed solutions without the usual procurement that would take place in “normal times” or they turned a blind eye as employees found ways to keep the business moving, clients informed and teammates updated.
This presents some key issues – obviously, there are security and privacy risks with unauthorized applications. There are challenges with compatibility as employees deploy different solutions to similar problems. Additionally, there are issues as Shadow IT creates multiple, fragmented data repositories that are not visible to IT and therefore not connected. All this can have cost implications – some estimates place data loss and downtime caused by Shadow IT to USD1.7 trillion dollars each year.
Messaging applications and Shadow IT
Shadow IT is not confined to just office-bound devices. Messaging applications like WhatsApp, WeChat, Signal, Telegram and LINE are a new form of Shadow IT – shadow communications. .
As Covid-19 forced employees to find new ways to communicate, the use of messaging applications for business communication exponentially increased. Employees downloaded messaging applications or using already established personal accounts.
These applications get installed and used on work phones and work computers as Shadow IT. Additionally employees conduct work interactions on these applications leading to a channel of conversations that is opaque to the organization.
The reality is, however, that not all Shadow IT is bad IT. Sometimes a need drives innovation. Messaging applications like WhatsApp, WeChat and so on are great solutions for easy communications that are barrier free for clients. Both employees and clients probably already use them which makes them likely Shadow IT candidates.
There are some specific issues with messaging applications as Shadow IT.
Governance and regulatory
Many industries have specific rules about conversations between customers/clients and employees. These conversations must be recorded, audited and maintained. This is particularly important for financial institutions. If employees download messaging applications that aren’t part of an authorized IT strategy, conversations on these apps aren’t recorded. In this case Shadow IT could have serious financial, reputational, HR and legal impacts.
Data privacy is central to communication with customers, regardless of the industry. While conversations over messaging applications can be encrypted, there is no consent control. The organization has no ability to track consent and there is no unsubscribe tracking. If the client’s details are sitting on a personal phone then there could be data privacy conflicts.
Content hubs/deep smarts
Conversations with clients contain information that is vital to good business decision making. However, conversations held on messaging applications aren’t connected to corporate tools like CRMs or other content hubs. There are also limited ways to share information with teammates who may not be part of the conversation but who needs to see the output. For example, an employee may have a conversation with a customer about their buying preferences and this information is important for product marketing. Product marketing however doesn’t need to be in a group chat with the customer. Sharing this information with business-critical applications, with teammates, and with analytics tools ensures that businesses don’t create data silos. They can reap the benefits of the deep smarts the data in these conversations could deliver.
How do organizations prevent these issues?
Shadow IT is to an extent a reality of business life. However, there are some easy solves when managing Shadow IT, especially for messaging applications and communications tools.
How an enterprise manages messaging applications is vital to ensure that they don’t lose control of conversations on these applications. Deploying a solution like LeapXpert’s Federated Messaging Orchestration Platform enables employees to use these applications to communicate with clients but from within a safe, centralized, compliant platform. Employees can communicate over multiple messaging applications from within one platform. Even collaboration tools like Microsoft Teams can be linked to ensure that your communications are streamlined. Employees get enabled, customers stay happy. Plus the enterprise maintains control of regulatory compliance, through guidelines and protocols and audits if required.
Employees will always find the easiest path of least resistance. Ensure your organization has open feedback for employees who want to deploy a solution or application. It may be that they have a valid reason. Educate employees on what Shadow IT is, why it is an issue and how they can engage with IT to find suitable solutions to their problems. For messaging applications ensure that they understand their roles and responsibilities if using messaging applications. Educate them on the policies, guidelines and rules for using a centralized platform like LeapXPert’s FMOP and how it can help them.
If IT Departments ban employees completely from finding solutions to their day-to-day problems, they risk employees going underground. This creates an even bigger problem, or pushes employees to go somewhere that is more dangerous. Instead, IT teams need to realize that some Shadow IT may actually be a solution that employees need – particularly in these pandemic times. However, IT Departments need visibility into employees’ issues so they can assess the risk and implement appropriate tools, technologies and controls on these services to safeguard the company, the customer and the employee.
To find out how LeapXpert is working with customers around the world talk to one of our experts.
Read more about the importance of keeping your business out of personal messaging accounts.