According to a recent study by SkyHigh Networks, a medium-to large-sized business can use anywhere between 300 to 400 cloud applications and up to 60 different file sharing solutions just to get work done. Unfortunately, 90% of those apps are used without IT's knowledge.
Shadow IT — or the use of consumer tools without proper IT approval — is a worrisome trend for any organization. Businesses are wasting money on appropriate tools that are cast aside, and the consumer solutions are riddled with security concerns. Furthermore, IT lacks the appropriate control over storage and access, leaving systems vulnerable to data breaches or hacks.
North Highland, a Global Consulting Company with more than 3000 employees dispersed across 60 countries worldwide, specializes in working with clients across a variety of highly regulated industries. With strict compliance requirements for their sensitive data, they needed to tackle their Shadow IT problem immediately.
“We (in IT) didn’t buy this app and we don’t know what kind of data they’re actually storing in it," explains Paul Falor, CIO of North Highland. "Even if they are storing sensitive data, what are we doing about it?”
Step 1: Eliminate unsanctioned tools
After SkyHigh Networks audited their tech stack, they discovered 600+ people at North Highland using consumer-grade solutions, like Dropbox. Falor and his team would identify the problem tools and communicate that these solutions should not to be used because they lack security and support.
Falor and his team weren't blind to the need for a solution that satisfied users needs while also meeting IT security and compliance requirements. For example, North Highland's marketing team needed the ability to share a 4GB file with someone outside their organization — and they really had no good way of doing it.
Unfortunately, the ability to share large files wouldn't be enough to eliminate the usage of Dropbox, or to make the shift to Sharepoint libraries. Plus, Falor and his team needed the ability to control who is viewing what information, and to protect sensitive information shared with clients with document watermarking.
“We didn’t really have a good means of doing that, or preventing the printing and the forwarding,” Falor says.
Falor knew it was time to find another way to work.
Step 2: Find a solution that satisfies employees and IT
"You could tell Box is moving in the right direction because it’s technologies are purpose-built and purpose-driven. You don’t find that in the legacy technologies or companies who are just adapting."
Step 3: Improve security, collaboration and ROI
As a result of thwarting Shadow IT, North Highland realized just how much data they had.
“We had tons and tons and tons of data," remarks Falor. "As we started going through it, we realized a lot of it was stale or there were inconsistent versions, or 50 people had the same document with little tweaks, or older copies.”
"Now we’re able to figure out what data actually matters and what we do need to care about. We're also rethinking how we establish a common taxonomy for how we label and classify documents."
Paul Falor, CIO of North Highland
Additionally, Falor and his team reclaimed more expensive enterprise storage, repurposed it for more suitable needs or retired legacy solutions that were no longer useful.
“In an ideal world, we are going to start retiring some of those services or at a minimum, archiving it to lesser expensive services or storage targets," Falor notes. "Possibly even create some archive-type capabilities and take advantage of the unlimited storage that Box provides.”
Most importantly, Falor and his team can rest assured that unsanctioned tools and apps can get in the way of productive collaboration and security at North Highland. And as needs arise, they can look to leveraging Box to help them accomplish their goals before enacting yet another solution, or allowing employees to choose solutions without their knowledge.