Photographee.eu - Fotolia
Shadow IT occurs when users select their own IT services without informing the IT department. This can include file sync and share (FSS), backup platforms, and project or customer automation services that offer file sharing via attachments. One mission of an IT administrator is to protect data, but these programs make it difficult because they exist outside of the corporate data protection process.
The single biggest challenge shadow IT creates for the data storage protection process is that data can be created, modified and shared without ever touching a file server under the supervision of IT. The most common example of this is file sync and share where data can be created locally on a laptop or tablet, stored in a user's FSS account and subsequently shared to whomever the user deems appropriate. IT administrators can't back it up because they don't even know the data exists.
Many online customer relationship management (CRM) or project/task management services also support file sharing. And once again, this data can be created, modified and shared without ever touching storage within the organization's infrastructure.
In both cases, this data needs to be identified and protected for two reasons:
- IT needs the ability to recover data in the case of accidental deletion.
- IT needs to access data if an employee leaves the company or is terminated.
When users select these services without the knowledge of IT, the user owns the relationship with the service provider. If they are terminated and the organization can't get to the data, it is essentially lost.
CRM and project/task management tools also store specific information about an account or project in their databases. FSS products obviously store the data they are syncing or sharing. These online providers perform their own backups, but in most cases, users of these services cannot access these backups. If they can, access comes at an additional cost. In other words, the backups are for the convenience (and protection) of the service provider, not the subscriber. It is becoming increasingly important for IT to maintain its own copy of these data sets without becoming totally reliant on the provider of the service.
Solving the shadow IT data protection problem
There are a number of ways to eradicate the holes in the data protection process that shadow IT creates:
- Give users the tools they need so they do not have to search outside of the organization for endpoint protection and FSS. There are several enterprise-class FSS products that offer users an experience similar to many of the consumer cloud offerings, and still provide IT control over what is shared, with whom and for how long. Some products even allow FSS to occur without any data being placed in a public cloud provider. Essentially, the FSS file store is as easy to protect as any other network mount point.
Several endpoint protection products that protect laptops, tablets and smartphones can also compete head-to-head with cloud offerings. Many of these allow users to access their backup data from a smartphone or tablet for editing or previewing on that device. Many of these products also offer file sharing for collaboration with other employees.
These products are available from suppliers whose sole focus is endpoint data protection, as well as more traditional vendors who provide it as an add-on. Some endpoint-only products offer more advanced features like tablet/smartphone restore, but they don't have the integration with the traditional data protection application. The choice has to be made between cutting-edge features or integration with existing processes.
- Perform in-house backup of cloud-based application data to protect against accidental data loss or intentional data deletion. There are several cloud-to-cloud or cloud-to-data center backup products available. These applications interface directly with the service provider and backup data from these applications to in-house storage or to a secondary cloud provider.
Shadow IT services can come back to haunt administrators if users expect them to find and recover data they never knew existed. Data is the property of the organization and should remain with the organization when an employee leaves or is terminated. Protecting this data is critical, but that task requires IT to offer employee access to the services/applications they want, while maintaining control over the data created using these products.
Data protection process best practices for business continuity
VDI backup's impact on data protection
Move from protecting data to information management