How to banish shadow IT: Deliver enterprise apps and services that users want

The ease with which staff can source their own 'shadow' cloud services has led to a growing number of unauthorised services creeping into the workplace. Here's what you can do about it.
Written by Nick Heath, Contributor

Enterprise software: The big trends and why they matter

Do you know which cloud services your staff are using? The answer would seem to be 'No' for a sizeable number of businesses.

The ease with which staff can use free consumer services in the workplace, or managers can source line-of-business services direct from vendors, alongside dissatisfaction with IT-provided tools, has led to a growing number of unauthorised services creeping into the workplace.

"Business users can go out and buy SaaS without involving the sourcing professionals at their organisations — and many of them do because it is quick and easy and meets their needs at a point in time," said analyst group Forrester Research in a January 2014 report, which references a single organisation with "hundreds of instances of self-provisioned SaaS".

Where there's a crossover between tools that are useful both inside and outside of work, targeting consumers is sometimes seen as an effective way of getting that service into the workplace, according to Richard Absalom, senior analyst for enterprise mobility at Ovum.

"For things like social networking and video collaboration, the vendor's model is to try and sell to end users. They have a freemium model and try to get people to sign up and drive that usage within the business. Once they've got a big enough scale they'll go and ask the CEO to pay for that service now please, because everybody's using it," he said.

This approach of persuading businesses to use a service by winning over a critical mass of individual users, rather than those in charge of IT buying, is guiding strategy at some cloud service providers.

"When I think about how to sell to enterprise I think about how to engage with the grass roots, how I can build a tool that people like using," Andy McLoughlin, co-founder of cloud-based collaboration and content management software maker Huddle told a conference last year.

The tendency of staff to use services designed for personal use in the office was revealed by recent figures showing the most widely used cloud storage services are consumer-grade offerings from Dropbox and Google, rather than enterprise-targeted alternatives such as Box.

Source: Skyhigh Networks

Similarly, of 4,300 full-time employees surveyed by Ovum nearly one third of staff using file-sharing programmes were using an application they found themselves.

What's the big deal?

Why can the use of consumer or unvetted cloud services in the office be a problem? One of the main reasons is security, as these services typically don't include features to minimise data loss and provide the detailed audit trails required by some businesses.

For instance, unlike features found in enterprise-first offerings like Box, consumer cloud storage services typically don't offer all of the following: integration with a company's data-loss prevention (DLP) tools, IP filtering and data encryption — both in transit and at rest.

Another drawback of staff using a federation of different cloud services is that it creates data silos. A business may have a central view of data held within a corporate account, but it's typically blind to corporate information that employees have stored in various personal accounts.

Cleaning up

Blocking these unsanctioned services isn't an effective way of stopping access. In some cases preventing logins can lead staff to switch to a less secure online service; the logistics of stopping access can also be tricky due to the plethora of devices that can connect to them.

IT departments can address these kinds of security holes and regulatory worries by securing consumer apps in the workplace or by providing an equally attractive alternative that has been certified for enterprise use.

For instance, third party tools such as Backupify, CloudLock, CipherCloud, and Perspecsys add security to data stored in consumer-grade cloud services.

Another alternative is for businesses to build an enterprise app store that provides staff with easy access to an alternative online service sanctioned by the business.

"The enterprise app store's role is giving the right applications to the right users. So you can set group- and user-specific policies as to who gets access to what."
—Richard Absalom, Ovum

"In the future, sourcing can get even further ahead of these requests as they build their repository of SaaS contracts, their knowledge of SaaS vendors, and, ultimately, become SaaS orchestrators — offering up app store-like solutions that make it easy to provision pre-vetted SaaS technologies," recommends Forrester's TechRadar SaaS report.

As well as making cloud-based apps easily accessible, these portals can give businesses the ability to control which roles have access to which services, and how they can use them.

"The enterprise app store's role is giving the right applications to the right users. So you can set group- and user-specific policies as to who gets access to what, but there should also be a place where you can have easy discovery of both publicly-available third-party apps and also anything developed in-house," said Ovum's Absalom.

Enterprise app stores are still relatively rare, but portals of enterprise-ready cloud services and apps have been launched by a few businesses, such as the French maker of corrective lenses Essilor International.

The company's Essi Store, built using technology from mobile device management specialist Airwatch, includes internally-developed CRM software, as well as presentation and catalogue apps. Another example is the networking giant Cisco, which provides a store of internally-developed apps via its Cisco App Fridge, based on technology from Apperian.

"They've put loads of internally-developed apps in there for all different parts of their workforce. It lets people discover the apps that they need," said Absalom.

User experience is key

Whether the apps on offer are developed in-house or by a third-party is less important than whether they are as attractive to staff as the consumer tools they currently use, or as compelling as the third-party line-of-business services being pitched to managers, said Absalom.

"It comes down to providing people with an experience they're used to, and giving people the right applications to do their jobs," he said.

"The first thing that people think about when designing a new app is user experience. A lot of newly designed applications, like Box and Yammer in the enterprise social space, deliberately look and feel like a consumer application. Yammer is modelled on Facebook and Box is modelled on Dropbox, and there's a good reason for that — it's because that's what people are used to and they want something slick," added Absalom.

"A lot of newly designed applications, like Box and Yammer in the enterprise social space, deliberately look and feel like a consumer application."
—Richard Absalom, Ovum

"Also if you're not forcing someone to pay for it [they're more likely to use it], because that's also part of the reason they're using Dropbox or Google Drive — they're free."

Choosing the services with which to stock an app store requires IT departments to monitor the third party services and tools staff are sourcing for themselves, and attempt to anticipate the tools they'll want to use six months down the line, said Absalom.

"The CIO's role is changing from 'let's distribute the apps that people need' to 'let's try and work out what people are using and judge which can be securely used and which could do with having an enterprise alternative'," he said.

"If you can be proactive and encourage people to adopt the right applications by understanding what they're using and why, and provide a way of using that service or a suitable alternative, that will certainly make it easier to manage from the enterprise point of view."

Editorial standards