“While the panel advocated eliminating shadow IT, they admitted the efforts involved in doing so could prove daunting.
“The average employee is using about 28 cloud services, so when someone leaves that company, how long is it going to take … to shut all that down, and how do you get that data back?” said Jenkins.
Yet he agreed that this was a problem companies brought the problem upon themselves. When asking employees why they use auxiliary non-sanctioned programs, “what you see is a lot of them saying I have to get my job done, need to get things in by the end of the day, and here’s the technology to do help with that,” explained Jenkins.”
Here’ the thing that many on the IT/Security side don’t get. Users don’t generally just decide to use other services for kicks and giggles. It’s because the organization expects them to get work done, but doesn’t provide the proper tools. Most people who host corporate data on Dropbox, for example, need to be able to share it with remote coworkers, or access the data when they are not connected to the company network, and don’t have an easy, company-provided, way to do that.
All it would really take is providing a company-owned Dropbox account, but nah, why bother with that? That would be something else for the IT folks to keep track of, which they don’t want to do. Unfortunately, anyone with an interest in Info Governance, including anyone involved in eDiscovery, should want them to.