When Users Go Rogue with Unapproved Apps

Posted by: Joy T. Apple on June 5,2019

Have you ever heard the phrase “Shadow IT?”   

When I hear it, I get a mental image of ninjas sneaking around an IT department, but while it’s not referring to some outside spy/assassin creeping around our office, it is a dangerous thing.  


Shadow IT = Rogue Users 

If it’s not ninjas, what is shadow IT? Well, it’s basically our own people going rogue, for a variety of reasons.  A business user, sometimes a whole department, has a need and they know about/hear about some application or tool that will meet the need, so they get it, implement it, and it’s now being used in the organization 


Why is that a problem? Shouldn’t we be thrilled that folks are out there solving their own problems? Sorta kindabut not in that way. There’s now an unvetted, unapproved, maybe-not-secure-at-all application in the organization and if sensitive information touches that tool, it could be bad. Real bad. And how would anyone know, since it’s not tied into the governance policies of the organization. No data loss prevention, no discovery, no awareness of what’s been sent, uploaded, shared and no way of knowing where’s it’s gone after it hit that rogue application.  

What Are Rogue Applications?  

Great question! Anything not approved and made available by your Friendly Neighborhood IT Department. They could be just about anything, but the usual suspects are: 

  • Personal emails accounts such as Gmailyahoo, AOL (yep, those still exist) 
  • Personal Box or Dropbox accounts Even your personal OneDrive.  
  • Messaging apps like WhatsApp, Slack, Messenger, even texting  

Again, this is by no means an exhaustive list. Back in my early days of being a SharePoint farm administrator we found a group was running their own installation of SharePoint Foundation on a single server under someone’s desk. Why? “We needed SharePoint.” There was no malice or desire to circumvent IT; they just had a need and either (somehow) didn’t know the entire company was already using SharePoint or didn’t feel they could come to IT to talk about their business needs. There’s backstory, of course, but that’s a story for another day, maybe over a glass of wine.  

Why Do Users Not Come to IT First? 

There are so many answers to this question. The most common seem to be: 

  • Unaware that they can make requests of IT 
  • A bad relationship with IT  
  • Slow response times or lack of IT availability 

If you haven’t heard, on my upcoming Joy of SharePoint webinar I’ll be talking through why our users go rogue and how we can bring them back into the fold (details are below). But, I’ll let you in early on the number one thing you can do: Communicate with them! Make your self available. Ask how existing toolsets are working for your people and if there are any needs not being met. Folks tend to be a little shy about approaching us IT types. If we go to them first we’re taking the first step to bridging the gap between the business and IT. It also shows that any misunderstandings or previously rocky relationships can be mended. Open, willing communication it the number one best way to start shining a light on Shadow IT. 


To find out more about Why Users Go Rogue and How to Bring Them Back to Office 365 make sure to watch the Joy of Sharepoint webinar on this subject.

Watch the Webinar

Topics: Challenges, Shaddow IT

Subscribe Today!

Recent Posts