So-called Shadow IT — the use of devices, applications, and services outside the control of an organization’s IT environment — is on the rise. Across industries, Shadow IT use is projected to grow from 41% in 2022 up to 75% by 2027, raising concerns about how federal agencies can manage the use of external or unapproved technology.
In theory, Shadow IT isn’t necessarily a bad thing. It can introduce new capabilities into organizations faster than approved IT or procurement processes allow—and eventually drive mainstream adoption. At the same time, Shadow IT can wreak havoc if insecure or unpatched technology allows sensitive data to be leaked. So it’s imperative that agencies find ways to manage Shadow IT and protect their information.
Ironically, the security policies at federal agencies can unintentionally foster Shadow IT. If employees feel hobbled by rules around mobile devices, text messaging and file sharing, they may try to go around them. They’ll use unapproved personal devices, instant messaging apps and file transfer tools just to get the job done.
Ease of use = less Shadow IT
To mitigate the use and creation of Shadow IT, agencies should look for a collaboration platform that team members will find easy to use, with functionality that makes them more engaged and productive. If employees can communicate, share data and collaborate in a unified environment, they’ll be less likely to circumvent IT governance and turn to unapproved applications.
A key feature is the ability of team members to organize messaging, data, and technology tools in topic-, project-, or event-specific channels. Channels keep communication, content, and capabilities organized in a single context. That way, team members can stay focused, without the need to context-switch for the information or tools they need.
An effective collaboration platform should offer more than just chat and data sharing. Also look for built-in, customizable playbooks for handling routine tasks. Playbooks are like digitized checklists that streamline repeatable processes, with alerts, review-and-approval workflows, and automated process steps.
Another often-overlooked solution is a secure, open-source collaboration platform. A collaboration platform that offers the flexibility to be deployed on-premises or in an approved cloud environment provides a single, trusted location where messaging and data sharing can take place easily and securely.
An effective secure collaboration solution can help teams avoid the need for Shadow IT. Even if Shadow IT occurs, a secure platform can make sure communication and content sharing take place in a protected environment.
For instance, Teams and Slack are popular cloud-based messaging tools. Communication in these apps is encrypted, so to that extent, it’s secure. But as with most cloud services, the encryption is managed by the vendors, who own the encryption keys.
For federal agencies and organizations that require strong security, a better approach is a collaboration platform that can be deployed on-premises in their own data center. A self-hosted platform gives the agency total control over communication and content shared within the platform, with complete ownership of the data. Such digital sovereignty is an imperative for government organizations that need to protect the privacy of employees whose data they manage.
An on-premises collaboration platform also enables auditability of communication and data shared within the platform. Auditability can be crucial in cyber incident response, critical infrastructure and other use cases. Content centralized in the collaboration platform is immediately and easily discoverable for legal purposes. There’s no need to subpoena a cloud provider to access archived information.
Open-source for stronger security
Open-source also offers another way to strengthen the security of messaging and file sharing. Open-source code has been fine-tuned and hardened by the open-source community. There’s less chance that vulnerabilities were missed than with software from a developer of proprietary software.
Plus, with an open-source collaboration platform, agencies have the option to customize the solution with scripts, API integrations, and tightly defined access controls for the most secure use cases. In fact, some U.S. federal and military organizations use an open-source collaboration platform to protect information at Impact Level 6 for DOD Secret-level data.
Ultimately, agencies will probably never completely rid themselves of Shadow IT. But they can tangibly reduce the security risks that Shadow IT presents. By taking advantage of a self-hosted, open-source collaboration platform, they can empower their teams with the messaging and data-sharing capabilities they need – while keeping communication and information safe.
Barry Duplantis is vice president and general manager, North America Public Sector, for Mattermost, a provider of internal chat services for organizations and companies.