Step 1: Inventory
Before you can build a plan to manage Shadow IT in your organization, you must first inventory your environment, using software asset scanning tools to shed light on any software your employees are using that IT has not sanctioned. That way you can base your plan on actual data that's unique to your organization.
Step 2: Analyze
Once the inventory has been set up, you'll need to identify and qualify your greatest areas of risk. Typically, the biggest risks exist within departments such as Marketing or HR, where employees are most likely to go rogue in order to better perform their jobs. You'll probably need the involvement of departments outside of IT, such as Legal, Compliance, and Data Privacy teams.
Step 3: Plan & Implement
Now that you know what you need to focus on, you can build a plan of action. The plan varies by organization but usually includes things such as updating or replacing software, implementing security solutions, and setting up new policies and procedures for procuring new software.
Step 4: Monitor
Shadow IT is a continuous issue that will not go away once you've completed your first inventory. Therefore, you need to implement a way to continuously monitor your environment and flag potential risks so you can promptly act on them before they become major problems. This is typically a combination of people, technology and processes.
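
As an added illustration (not part of the original article), the Python sketch below shows how Steps 1, 2 and 4 fit together on scanner output: it flags software that is not on the approved list, ranks departments by number of findings, and reports what is new since the previous scan. The row format, the approved list and all host and software names are constructed assumptions, not the output of any particular scanning tool.

```python
from collections import Counter

# Constructed sample data (hypothetical names): rows as a software asset
# scanner might export them -> (host, department, installed software).
APPROVED = {"office suite", "team chat", "video meetings"}
LAST_SCAN = [
    ("hr-01", "HR", "Office Suite"),
    ("mkt-01", "Marketing", "Team Chat"),
    ("mkt-01", "Marketing", "FileSyncApp"),
]
THIS_SCAN = [
    ("hr-01", "HR", "Office Suite"),
    ("hr-01", "HR", "  TASKBOARD "),
    ("mkt-01", "Marketing", "Team Chat"),
    ("mkt-01", "Marketing", "FileSyncApp"),
    ("mkt-02", "Marketing", "DesignTool"),
    ("mkt-02", "Marketing", "filesyncapp"),
    ("eng-01", "Engineering", "Video Meetings"),
]

def normalize(name):
    """Lower-case and collapse whitespace so name variants compare equal."""
    return " ".join(name.lower().split())

def unsanctioned(scan, approved):
    """Step 1: every (host, department, software) not on the approved list."""
    return {(h, d, normalize(s)) for h, d, s in scan
            if normalize(s) not in approved}

def risk_by_department(findings):
    """Step 2: number of findings per department, highest first."""
    return Counter(d for _, d, _ in findings).most_common()

def new_since(previous, current, approved):
    """Step 4: findings in the current scan that the previous scan lacked."""
    return sorted(unsanctioned(current, approved)
                  - unsanctioned(previous, approved))

if __name__ == "__main__":
    findings = unsanctioned(THIS_SCAN, APPROVED)
    for dept, count in risk_by_department(findings):
        print(f"{dept}: {count} unsanctioned install(s)")
    for host, dept, software in new_since(LAST_SCAN, THIS_SCAN, APPROVED):
        print(f"NEW since last scan: {software} on {host} ({dept})")
```

Running the same comparison on every scheduled scan turns the one-time inventory into the ongoing monitoring described in Step 4.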