Prevailing against Shadow IT with better info governance

According to a recent study by SkyHigh Networks, a medium-to large-sized business can use anywhere between 300 to 400 cloud applications and up to 60 different file sharing solutions just to get work done. Unfortunately, 90% of those apps are used without IT's knowledge. 

 

Shadow IT — or the use of consumer tools without proper IT approval — is a worrisome trend for any organization. Businesses are wasting money on appropriate tools that are cast aside, and the consumer solutions are riddled with security concerns. Furthermore, IT lacks the appropriate control over storage and access, leaving systems vulnerable to data breaches or hacks.

 

North Highland, a Global Consulting Company with more than 3000 employees dispersed across 60 countries worldwide, specializes in working with clients across a variety of highly regulated industries. With strict compliance requirements for their sensitive data, they needed to tackle their Shadow IT problem immediately. 

 

“We (in IT) didn’t buy this app and we don’t know what kind of data they’re actually storing in it," explains Paul Falor, CIO of North Highland. "Even if they are storing sensitive data, what are we doing about it?”

 

Eliminate unsanctioned tools

 

Step 1: Eliminate unsanctioned tools

 

After SkyHigh Networks audited their tech stack, they discovered 600+ people at North Highland using consumer-grade solutions, like Dropbox. Falor and his team would identify the problem tools and communicate that these solutions should not to be used because they lack security and support.

 

Falor and his team weren't blind to the need for a solution that satisfied users needs while also meeting IT security and compliance requirements. For example, North Highland's marketing team needed the ability to share a 4GB file with someone outside their organization — and they really had no good way of doing it. 

 

Unfortunately, the ability to share large files wouldn't be enough to eliminate the usage of Dropbox, or to make the shift to Sharepoint libraries. Plus, Falor and his team needed the ability to control who is viewing what information, and to protect sensitive information shared with clients with document watermarking. 

 

“We didn’t really have a good means of doing that, or preventing the printing and the forwarding,” Falor says. 

 

Falor knew it was time to find another way to work.

 

Find a solution that satisfies employees and IT

 

Step 2: Find a solution that satisfies employees and IT

 

As luck would have it, Falor found the solution to his woes at BoxWorks. Like many others before him, he understood the power and potential of Box CEO and co-founder Aaron Levie’s vision.

 

"You could tell Box is moving in the right direction because it’s technologies are purpose-built and purpose-driven. You don’t find that in the legacy technologies or companies who are just adapting."

- Paul Falor, CIO of North Highland

 

Since North Highland works with clients in highly regulated industries, their biggest concern with any potential solution is ensuring it could prevent accidental compliance violations.

 

For instance, if a client who should never be storing X, Y or Z, and shouldn't be collaborating with A, B or C, they needed systematic controls in place to prevent it from happening. Falor realized Box Governance would allow them to prevent incredibly costly accidental violations.

 

“Box Governance provides a nice basic DLP (Data Loss Prevention) solution. It allows us to whitelist and blacklist domains which is incredibly helpful from a collaboration standpoint," Falor explains. "In addition, legal holds and document retention can help us convert more of our file servers.”

 

Legal holds will allow North Highland to hold files in place so that they can't be deleted or modified, but without changing anything in the employee's workflow. Document retention enforces pre-defined retention and disposition to prevent under and over-retention of information, which can lead to compliance failures or increased liabilities.

 

Additionally, as with most consulting companies, 80% of North Highland's workforce is remote. With client firewalls, system configurations or consultants using client laptops instead of North Highland equipment, they didn’t have a productive way to collaborate — especially when they were working in different offices.

 

“Box helped us improve connectivity between those groups and made collaboration actually a possibility," exclaims Paul. "It's also removed some of the risk associated with storing information in old team sites that would have to open up permissions more than they were comfortable.”

 

Improve security, collaboration and ROI

 

Step 3: Improve security, collaboration and ROI

 

As a result of thwarting Shadow IT, North Highland realized just how much data they had. 

 

“We had tons and tons and tons of data," remarks Falor. "As we started going through it, we realized a lot of it was stale or there were inconsistent versions, or 50 people had the same document with little tweaks, or older copies.”

 

With Box, North Highland improved collaboration and version control of documents and data. By doing so, the true importance of their data and how they store and use it is able to shine through.

 

"Now we’re able to figure out what data actually matters and what we do need to care about. We're also rethinking how we establish a common taxonomy for how we label and classify documents."

- Paul Falor, CIO of North Highland

 

Additionally, Falor and his team reclaimed more expensive enterprise storage, repurposed it for more suitable needs or retired legacy solutions that were no longer useful.

 

“In an ideal world, we are going to start retiring some of those services or at a minimum, archiving it to lesser expensive services or storage targets," Falor notes. "Possibly even create some archive-type capabilities and take advantage of the unlimited storage that Box provides.”

 

Most importantly, Falor and his team can rest assured that unsanctioned tools and apps can get in the way of productive collaboration and security at North Highland. And as needs arise, they can look to leveraging Box to help them accomplish their goals before enacting yet another solution, or allowing employees to choose solutions without their knowledge.