If government CIOs want to bring IT out of the shadows, they need to start by understanding what kind of tools agency personnel need to do their jobs.
That's one of the chief takeaways from a new study looking at shadow IT in the government — those unauthorized applications and services that employees use without the permission of the CIO and the tech team.
The new analysis, conducted by cloud security vendor Skyhigh Networks, identifies a startling amount of applications in use in public-sector organizations. According to an analysis of log data tracking the activities of some 200,000 government workers in the United States and Canada, the average agency uses 742 cloud services, on the order of 10 to 20 times more than the IT department manages.
That's a large number, but not out of step with what Skyhigh has observed in the private sphere, according to CEO Rajiv Gupta.
"The first thing I would say is yes, it's alarming, but it's not unique. Some of these issues are what we see in the commercial sector, as well," Gupta said in an interview.
Gupta points out that the rise in shadow IT is a logical outgrowth of the easily accessed, often free cloud-based applications employees use in their personal lives, and increasingly expect to bring to the office.
So the use of unauthorized applications, though a potentially severe security risk, often results simply from employees trying to do their work more efficiently, Gupta says, urging CIOs to connect with the business units of their enterprise to get a better sense of where the needs lie.
"The first thing that CIOs need to do, and some of the forward-leaning CIOs do well, is to understand the reason that my employees are using different file-sharing services is because they need file-sharing," Gupta says. "The first thing is to appreciate and understand that your employees are using cloud service to get the job done."
By category, collaboration tools like Microsoft 365 or Gmail are the most commonly used cloud applications, according to Skyhigh's analysis, with the average organization running 120 such services. Cloud-based software development services such as GitHub and SourceForge are a distant second, followed by content-sharing services. The average government employee runs 16.8 cloud services, according to the report.
Lack of awareness creates Shadow IT problem
One of the challenges is that not all storage or collaboration services are created equally, and users, without guidance from the CIO, might opt for an application that has comparatively lax security controls, claims ownership of users' data, or one that might be hosted in a country that the government has placed trade sanctions on.
"The problem is our employees are not aware of that and they just use the service that seems most appropriate," Gupta says.
Sign up for CIO Asia eNewsletters.