We’ve all been warned about the dangers of the bring-your-own-device (BYOD) phenomenon – employees are using their personal devices for work, and with those personal devices come their own apps for storage and productivity.
But while we might think this “shadow IT” is limited to people who aren’t in IT or business, actually, it’s not – about 84 per cent of IT employees are using apps that aren’t formal software-as-a-service (SaaS) applications, according to a new survey from McAfee Inc. and market researcher Stratecast.
In a study of about 300 IT employees and 300 line of business (LoB) employees at enterprise-sized organizations in North America, the U.K., Australia, and New Zealand, researchers found about 65 per cent of these IT employees were using between one to five apps that weren’t part of their approved SaaS apps, while another 17 per cent had six to 10 of these apps on hand. Two per cent had anywhere between 11 to 19 going at any given time. And the LoB respondents didn’t fare much better – 76 per cent were using one to five unapproved apps for work.
It’s not as though these respondents were using these in secret, either, quickly flipping to a different screen every time their bosses walked by. Researchers found the average company uses about 20 SaaS applications regularly, with seven or more of these apps being non-approved ones. That means these are apps that employees buy and use, without getting any extra oversight.
What this says is that despite knowing the dangers, IT and LoB employees find it hard to resist apps that are easy to access, easy to run, and best of all – free. Using these “shadow IT” applications becomes widespread, especially among IT administrators.
“IT users are even more likely than LoB users to adopt non-approved SaaS. Furthermore, IT employees use a higher number of non-approved SaaS applications than LoB. It appears that, in acting as the guardian of corporate technology, the IT department considers itself exempt,” researchers wrote in their survey report.
“Stratecast suspects that this is a case of IT employees’ overconfidence in their ability to assess risks, as well as their greater familiarity with a range of SaaS solutions. Like parents who down a latte and doughnut while admonishing their children to eat a healthy breakfast, it may be a case of “do as I say, not as I do.'”
Researchers also noted that if businesses want to make changes, they have to make sure the IT department is on board. As IT administrators are the ones who have access to all of the company’s tools and administrative rights, they need to agree on the policies that companies put in place.
For businesses concerned about the security of their systems, it may also be worth communicating those policies more often, researchers suggested. In explaining their organizations’ SaaS policies, IT employees and LoB employees seemed to all have different answers. Just around a quarter of respondents listed one of the survey’s choices as their organization’s official policy – meaning it’s possible people aren’t sure what their policy really is.
And when researchers asked respondents why they turned to unapproved applications to do work, about 49 per cent of LoB employees and 42 per cent of IT employees said they’re just more familiar with the ones they’re using, even if they’re not approved.
In their mind, this makes them more productive – something a company can’t exactly frown upon. It may come down to listening to employees and giving them what they want, or finding better alternatives.