How Microsoft 365 can be used to tackle Shadow IT

Blog by: Jeremy Parker, Operations Director, Adept4 - 07-Dec-2017

One of the greatest threats to the IT estate comes in the form of Shadow IT - applications and utilities that individuals or even entire departments have added without consulting the IT department. Unauthorised, this software is essentially invisible to the IT team which means it isn’t managed or updated and won’t feature on any patch schedule. It may see the user directly contravene IT governance procedures and the software itself may jeopardise the stability of the business and flout compliance regulations. 

This invasive tech may sound menacing but often people have installed or gone to web-based applications simply to make their work easier - marketing departments have typically been guilty of this. According to a recent report by McAfee, up to 80 percent of employees admit to using non-approved SaaS applications. Other departments opt to ‘go it alone’ because they don’t want to wait for official sign-off from IT. Despite these good intentions, by 2020, Gartner predicts we could see a third of all security breaches attributable to Shadow IT applications. And it’s not a matter of size; businesses from across the spectrum are vulnerable. 


The dark side 

The most popular solutions often concern how data is shared. A great example are viral solutions such as Dropbox and Slack, uptake of which demonstrated the hunger for collaborative easy to use applications among the workforce and conversely the struggle businesses face in trying to keep pace with innovation. Two years ago, the rise to prominence of these applications saw a knee jerk reaction to block shadow IT but this has since been superseded by a more realistic approach that accepts that shadow IT needs to be acknowledged and managed. 

Managing Shadow IT is no mean feat. It typically involves restricting access to applications on the network but realistically this approach can be complex to implement so remains the preserve of big business. 

To us, the solution seems deceptively simple: select a platform where users are accommodated. Give them the tools they need to do the job. Provide them with collaborative applications that are so versatile that they can share data over the platform without the user having to dip in and out of applications. Make access to one another and the data as seamless as possible. In short, meet user needs and there will be no need for them to seek alternative workarounds. 

The weak point 

What Shadow IT can’t solve is the problem of data silos. Using a range of different cloud apps creates complexity and the user will have issues with compatibility between these. The business may have access to over 10,000 cloud-based apps very few of which will have the ability to share data between them in a common file format. This is the downfall of Shadow IT and it’s how the business can steal back the advantage by equipping its staff with a solution that does allow the interchange of data, does support cross platform communications and does allow users to collaboratively access and manipulate data. It’s here where a unified collaborative communications (UCC) platform comes into its own. 

Microsoft365 is a cloud-based platform which features collaborative applications that utilise Office 365 Groups, a permissions platform that allows groups to be created and awarded access to folders and documents. A number of collaborative applications are supported such as Microsoft Teams, Yammer, Skype for Business, each of which provides a specific type of collaboration forum, while OneDrive and SharePoint Online are more geared towards file sharing. All of the applications are hosted on Office365 and support group-based sharing - this means all the apps integrate with email, SharePoint and Microsoft Teams and Yammer, for example – and, because data can be shared, it eradicates the problem of data silos and interchangeability between applications. 

Microsoft 365 addresses the problem of Shadow IT in four specific ways: 

  • Cost: costs are manifold and include the cost of paying for the solution; the cost of supporting that solution or in dedicating the time to remove it; and the cost of any loss or compromise of data which could be catastrophic. Microsoft365 provides a known quantifiable cost with licencing paid monthly with third party support provided by our dedicated support team, removing the costs associated with deploying and managing IT solutions.
  • Productivity: arguably the only reason for deploying Shadow IT, productivity can also suffer as users can spend their time deploying, attempting to manage and integrate the solution. Microsoft365 eliminates this overhead by providing ease of deployment and seamless integration, allowing users to get up to speed quickly with intuitive user interfaces to collaborate and share data.
  • Security: security policy may be compromised through the download of the application itself or the upload of files, their conversion and sharing them online which could result in data leakage. In addition, shadow IT can create a hole in company defences with estimates suggesting up to 70 percent of businesses have unsecured admins creating points of entry from external networks, while 75 percent may have inactive or redundant admins on the network.
    Microsoft365 solves this problem by embedding policies, controls and systems into the platform. Privacy controls provide visibility into where data resides, who has access to it and how it is changed. Plus Microsoft365 is continuously updated to deal with emerging security threats. For those wanting more visibility, Microsoft365 offers the Productivity App Discovery tool, accessible via the Office 365 Security and Compliance Center, which monitors firewall logs to detect unauthorised cloud apps.
  • Compliance: users can unwittingly contravene compliance regulations by sharing or exporting data insecurely. Microsoft365 meets industry standard regulations including ISO 27001, HIPAA, and PCI DSS Level One and PCI Governed Data. In addition, Microsoft also offers its Data Governance solution which can apply data controls to safely migrate data on premise or from external third party applications such as social media, IM, document collaboration such as Dropbox, verticals and SMS. The solution can also be used to supervise employee communications. 

Preventing shadow creep

Of course, shadow IT will always be an issue and it’s one the organisation needs to learn to manage by encouraging an open culture. Deploying a solution like Microsoft365 can take the pressure off the IT department and give them the capacity to deal with demand and have those open conversations about third party apps. By having a cloud-based platform like Microsoft365, the organisation also equips its IT department with a secure means to bring these apps into the fold. Plus it can futureproof the organisation, allowing it to benefit from the rollout of new applications that come online without incurring the risk or additional management overhead that would be associated with trialling an application as a lone organisation. 

To find out how Microsoft365 can help your business tackle Shadow IT, contact us today.


Topics: Microsoft 365, Shadow IT

Sign up to our blog