The Smart MSP’s Response To Shadow IT Threats

As BYOD, the cloud, and the consumerization of IT gain traction in your customers’ businesses, a potential security threat known as shadow IT comes with it.

You don’t have to search very hard to find an IT trend article touting the massive adoption of consumer-grade mobile devices (primarily tablets and smartphones) and cloud services being used in enterprises of all sizes and across all verticals.

Research firm MarketsandMarkets estimates the BYOD and Enterprise Mobility market is growing at a 15 percent CAGR and will reach $181 billion by 2017. A study from Skyhigh Networks, which monitors the use of cloud services for businesses, found that the average enterprise uses 545 cloud services, which is approximately 500 more than the average CIO is aware of. What these trends point to is the stark reality that employees aren’t waiting for IT’s permission to download apps and deploy a myriad of cloud-based collaboration services they feel help them do their jobs better.

Not only are these rogue content sharing and social media services consuming enterprise bandwidth (YouTube, Pandora, and Facebook are among the top 10 highest volume services), but there’s also a very real security risk. What’s more is that the same study reveals that IT blocking initiatives, which are more often deployed to block services based on productivity loss as opposed to risk, were found to block only 8 percent of high risk services.

As your clients’ trusted business advisor, it’s important to first recognize the reality of this threat and secondly to understand that your clients may be completely oblivious about this matter. Engage your clients and educate them about them about the risks shadow IT poses to their companies. And, once they agree this threat is real, help them implement best practices. Here are a few to start:

Adopt a Shadow IT Policy

One of the biggest reasons shadow IT flourishes within organizations is because there’s no definitive standard governing the devices and apps employees can and can’t use. Even though an IT person may talk to individuals on a case-by-case basis, many operate by the philosophy that silence is approval (also translated: “It’s easier to beg for forgiveness later than it is to ask for permission upfront.”). You can help clients reduce this threat by developing IT policies that define acceptable use policies around company-issued and employee-owned computing devices used on the company’s IT network (both wired and wireless).

Security software vendor Symantec saw this as important enough of an issue that it consulted members of more than 65 groups to get a better understanding about how to create an effective BYOD policy, which fits in perfectly with developing a shadow IT policy. According to its research, a good place to begin developing a shadow IT policy is by having a client consider how certain consumer devices, apps, and cloud-based services line up with its business goals. Reasons for allowing consumerized IT into the workplace could include: “to increase employee satisfaction,” “to reduce capital expenditures for hardware,” or “to reduce IT support costs.”

It is important to note, however, that agreeing to allow some consumer devices, apps, and services into the organization, doesn’t mean it has to be a free-for-all. And, that’s where MSPs and IT service providers can help clients draw the line with regard to which devices, apps, and services to permit and which ones to declare off limits at work. Kraft Foods is a good example of a company that’s finding this balance.

According to Kraft CIO Mark Dajani, Kraft virtualized its applications environment so mobile workers could more easily use their Android devices at work. However, Kraft employees must keep their software up to date otherwise they’re locked out of Kraft’s network. Helping your clients create similar policies sends the message to employees that the consumerization of IT is not a one-way street and everyone needs to work together to make it work.

Drive Employee Satisfaction Without Compromising Business Security

Security tools exist that enable MSPs to help clients identify exactly which devices, apps, and other network-related services are being used on the corporate network. Offering this as a service can be a great way to help customers get a handle on their shadow IT issues. It’s important to pay particular attention to high-risk applications, which according to the Skyhigh report includes file-sharing services such as CloudApp, RapidGator, Zappyshare and Uploaded as well as bandwidth-hogging services such as YouTube, Pinterest, Vimeo and Photobucket.

If there’s one thing about customers’ networks — especially in today’s BYOD environments — it’s that they’re constantly changing. It’s not feasible to manually monitor a client’s network and to expect to catch every shadow IT policy violation that may occur. This is where a network security solution that includes network access controls, bandwidth and application monitoring, and automated alerts can be a huge asset to help an MSP looking to protect its clients from an array of vulnerabilities created by BYOD and other shadow IT activities.

Don’t Neglect BCDR’s Role in Your Shadow IT Strategy

Some MSPs and end users may think only of IT security solutions when it comes to addressing Shadow IT, but having a reliable BCDR (business continuity and disaster recovery) strategy is an essential component as well. That fact is that as much as businesses attempt to lock down their networks and enforce best practices among employees, problems will occur — whether from accidents or outright defiance. When network security breaches occur, it’s not uncommon for mission-critical files, folders and apps to become corrupted or deleted during the clean-up process. This is where having a secure, cloud-based backup can be a lifesaver, allowing the MSP to quickly locate the most recent working version of the missing or corrupted data/file and to perform a data restore.

No matter what IT challenge your customers face – whether hurricane, flood, accidentally deleted file or a shadow IT-related “situation” – it’s nice to know that their trusted business advisor has them covered. And, only with a reliable BCDR solution can an MSP make that claim with confidence.

Neal Bradbury is co-founder and VP of Channel Development at Intronis.