Turning the tide: how the public sector can win the battle against shadow IT

Written by Julian Cook on 2 June 2017 in Opinion

Tackling shadow IT should be an urgent priority for government in the wake of the WannaCry breach on the NHS, says Julian Cook.

Shadow IT practices show up deficiencies in existing information management  - Photo credit: Ole Spata/DPA/Press Association Images

Like many private sector businesses, organisations in the public sector are experiencing problems posed by the practice known as shadow IT.

This term denotes the use of IT systems and software inside organisations without explicit approval, which leaves those bodies vulnerable to security breaches.

With the recent NHS data breach in mind, cybersecurity issues are very much a current concern for the public sector.

According to a survey conducted by Vanson Bourne, shadow IT is rife in the public sector, with 33% of respondents saying that employees at their organisation regularly disregard corporate guidelines by using personal devices and file sync-and-share applications at work.

It is a widespread issue, and one that needs urgent action.

To combat shadow IT and reduce the risk of costly data breaches, public sector organisations need to seize the initiative across a number of fronts.

These include educating employees on the dangers, enforcing clearer IT usage policies and understanding the deficiencies in information management procedures that drive employees to shadow IT in the first place.

What is Shadow IT?

With many employees now accessing work resources on their own devices, and the availability of a plethora of software applications designed to make people more productive, unsanctioned IT practices are becoming increasingly commonplace.

Indeed, Vanson Bourne’s research revealed that 32% of public sector IT decision-makers stated that their employees used personal cloud services without the knowledge or approval of the IT department.

Inherent risk

The rapid rise of shadow IT is giving decision-makers major headaches, and the biggest concern for IT departments is the potential security threat that lurks.

The use of unauthorised devices and apps by employees often goes unnoticed and unmonitored and, as a result, many organisations are facing the negative consequences of these unsanctioned behaviours.

These risks range from a loss of control of documents, to data loss, non-compliance issues and information security breaches.

According to the survey, 31% of respondents had experienced at least one security breach in the past year due to unauthorised employee use of personal file sync-and-share solutions at work.

With the General Data Protection Regulation (GDPR) coming into force next year, and with it the danger of heavy fines for non-compliance, it is critical that organisations maintain control and visibility of their documents and information-handling practices.

Confronting the dangers

To combat Shadow IT, public sector organisations need to tackle the issues from several different angles.

The first area is one that can be addressed by IT departments almost immediately. IT decision-makers need to review their current policies on the use of personal devices and file sync-and-share apps (if a policy exists), and make any necessary changes so that usage of these devices and apps are strictly governed.

By implementing and regularly enforcing such a policy, IT departments can communicate to staff the impact of not adhering to these guidelines, and how this could negatively affect the organisation.

The second area involves understanding what drives employees to embrace unsanctioned practices in the first instance. Human beings are naturally inclined to gravitate towards the easiest way of getting their work done, and the use of personal devices and applications in the workplace is no different.

While it is difficult to pry employees away from devices and applications with which they are familiar, these practices point to the fact that the needs of employees are not being met by the IT solutions currently available to them.

In most cases, this is due to deficiencies in existing information management solutions and approaches, or that no such solutions are in place at all. This, in effect, is the root cause of Shadow IT.

One way to address this issue is for public sector organisations to look at how simple-to-use enterprise content management (ECM) solutions can make a difference.

ECM solutions allow organisations to intuitively store, archive and manage information based on what it is, rather than where it stored.

This eliminates the need for traditional folder-based file structures, which are often a source of exasperation for employees looking to find, access and edit the correct documents.

By making this process much more straightforward, employees will be less inclined to turn to unsanctioned apps and practices in the pursuit of greater efficiency.

Turning the tide

Because IT solutions are often unfit for purpose, shadow IT has been allowed to creep into IT practices at public sector organisations.

The key to dealing with shadow IT is finding a way for information management processes to become as convenient and the solutions employees use in their personal lives.

If these challenges are tackled, the public sector stands a much better chance of avoiding another data breach like the one experienced by the NHS.

Julian Cook is vice president of UK business at supplier M-Files

Share this page



Please login to post a comment or register for a free account.


Mr M Tackley (not verified)

Submitted on 21 June, 2017 - 08:20
Policy enforcement should be second on the list after staff engagement. IT policies are often diametrically opposed to user experience, so engaging the workforce to understand what they need to be effective in their roles should take precedence to a 'ban them all' approach. A more effective way to reduce the proliferation of shadow IT is for Finance Departments to strip all departmental IT and manage centrally through IT. This encourages better staff engagement and outcome based, business case-led projects that addresses the needs of those staff directly.

Related Articles

Related Sponsored Articles

Social justice: how the police can embrace online channels of citizen communication
17 June 2021

PublicTechnology talks to Salesforce about why police forces need to adopt new omnichannel capabilities, offer the public channel choice and the benefits of doing so

"The inflection point is here": how Covid is driving digital transformation in health
9 June 2021

It’s been one of the most challenging years for healthcare providers, but Salesforce sees lasting change from accelerated digital transformation

The largest ever UK public sector cloud transformation unlocks cost savings and innovation
17 May 2021

Cloud-based applications can provide ways for agencies and departments to innovate and operate in new ways, as the past year has highlighted they must, writes Oracle 

Stopping Cyber Attacks in Higher Education
19 April 2021

Higher Education institutions are some of the most consistently targeted organisations for cyberattacks. CrowdStrike explores the importance of the right cybersecurity measures.