What Is Shadow I.T.? And How Can It Help [Or Harm] Your Law Firm?

17 March 2020 by Ross eDiscovery IT LegalTech

Takeaway: Shadow IT refers to the devices, apps and services that your team uses but which aren’t authorized by your firm. These shadow technologies are undeniably useful but are a huge security risk. The solution? Bring them into the light. Spot the ones that work, have them vetted by your admin or IT team, and ‘okay’ them for official use. Give your team the tools they need and shadow IT stops being an issue. Even better, it’ll make your firm more productive.

‘Shadow IT’ refers to all the unauthorized technology being used at your firm.

It’s the hardware, software and services that we all love, but that the firm (or the IT team) doesn’t know about. This includes things like the flash drive you plug into your computer from time to time, the Dropbox folder where you back up important files, or the Facebook app you log into when things are slow at work.

Shadow IT isn’t new, but it’s evolved a lot over the last decade.

We’ve always been bringing unauthorized stuff to the office. It started with devices like floppy disks or CDs (back when those were the rage). And more recently, iPhones, laptops and tablets. But now we’re bringing in apps too.

Productivity apps like Slack
Communication apps like Skype
Messaging apps like Snapchat
Cloud storage apps like Google Drive

Usually, teams use shadow apps and services as shortcuts to help them work better.

So, for example, they might use cloud storage for files they want to work on when they get home. Or they might email a document to a colleague’s personal email address because it needs editing ASAP and the colleague is traveling. Or they might log into your firm’s WiFi from their personal laptop because their office computer just hung and they need to check something real quick.

Unfortunately, these shortcuts can be a huge security threat.

Their cloud storage app, for example, may not be as secure as the one your firm uses. [It’s the same with your colleague’s personal email versus her work email.] Or an unverified app on your personal laptop might give hackers access to your firm’s network. But equally important, no single person (or IT team, if you have one) is tracking all the personal cloud folders, email accounts and laptops being used. So, your firm won’t know if data has been stolen. Or what to do if it has.

But there’s an upside to shadow IT. It introduces you to a world of new apps and services.

If a teammate is using a shadow app, it’s the best solution to a problem. And this is an opportunity you don’t want to miss. Because it might be the productivity boost your entire team needs.

So, how can you harness shadow IT?

Here’s what you can do to bring useful shadow tools into the light.

1. Educate your team

Help them understand why their devices and apps can threaten office security. Most of them genuinely think they’re working smart. So, if they knew about the drawbacks, they’d make better choices.

2. Find out which devices and apps they find most useful

This is so that the admin (or the IT team) knows what technology is in play. Start by checking if your team uses the following popular apps. Once they’re primed with these examples, they’ll be able to give you a more thorough list.

Asana: An easy way to keep teams organized and help them communicate. You can create project to-do lists, set reminders for deadlines, comment on posts, and more.
Bitrix24: Another project and employee management tool. Collaborate, message, share documents, schedule meetings, and more.
TeamViewer: It lets you access and use your laptop (or any device) even when you’re miles away. Perfect for when you need immediate access to files or colleagues. Hold and record virtual meetings with audio, video and text chat, a whiteboard, file sharing and more.
Evernote: A convenient way to record information – i.e., to-do lists, short notes, essays, photos & screenshots, links, articles, etc.
Trello: A collaboration tool that organizes your projects into boards. It tells you what’s being worked on, who’s working on what, and where something is in a process.
Pocket: A central storage space to hold articles, videos and other content for easy viewing later. It can download content for offline use and you can share it with other Pocket users too.
LastPass: A password management tool that can quickly generate strong and secure passwords, save them in an online encrypted vault and give you access to them across all your devices. And it’ll log you in to sites with a single click.
Buffer: A social media manager that lets you create, schedule and track your posts. You can set up different posting times for each of your Facebook, Twitter, Instagram, LinkedIn, Pinterest and other accounts.
Join.Me: Set up a virtual meeting with just a few clicks. Or join one by entering a code in your web browser – you won’t need to download or install anything.
Metactrl Sync: An app to auto-sync android smartphones and their connected cloud storage apps like OneDrive and Dropbox (which usually come with manual sync).

3. List the devices and apps that they should be using, instead

Most unauthorized devices and apps are used as workarounds. So, if your team uses unsafe software, give them a safer alternative and they’re guaranteed to switch. Also, encourage them to share new tools they discover, so you can keep your ‘okayed’ list relevant.

4. Create an explicit shadow IT policy

This is a list of specific do’s and don’ts for your team. It’ll outline:

Possible scenarios where shadow apps may be okay,
What restrictions apply in these scenarios
Cybersecurity best practices that each team member must follow.
Security measures the admin (or IT team) will take, such as tagging devices and monitoring your firm’s WiFi traffic.

(Learn how to draft a shadow IT policy.)

GoldFynch: The perfect eDiscovery shadow IT success story

Years ago, the cloud-eDiscovery application GoldFynch started off as an underdog. Soon, though, small and midsize law firms spotted its potential and ‘okayed’ it for their teams to use. But it was a calculated decision based on these factors.

GoldFynch costs just $27 a month for a 3 GB case: That’s significantly less than most comparable software. With GoldFynch, you know what you’re paying for exactly – its pricing is simple and readily available on the website.
It’s easy to budget for. GoldFynch charges only for storage (processing is free). So, choose from a range of plans (3 GB to 150+ GB) and know up front how much you’ll be paying. It takes just a few clicks to move from one plan to another, and billing is prorated – so you’ll pay only for the time you spend on any given plan. With legacy software, pricing is much less predictable.
It’s safe. Your data is protected by bank-grade security. Perfect for small and midsize firms.
It’s quick to get started. GoldFynch runs in the Cloud, so you use it through your web browser (Google Chrome recommended). No installation. No sales calls or emails. Plus, you get a free trial case (0.5 GB of data and processing cap of 1 GB), without adding a credit card.
It’s simple to use. Many eDiscovery applications take hours to master. GoldFynch takes minutes. It handles a lot of complex processing in the background, but what you see is minimal and intuitive. Just drag-and-drop your files into GoldFynch and you’re good to go. Also, you get prompt and reliable tech support.
It keeps you flexible. To build a defensible case, you need to be able to add and delete files freely. Many applications charge to process each file you upload, so you’ll be reluctant to let your case organically shrink and grow. And this stifles you. With GoldFynch, you get unlimited processing for free.
Access it from anywhere. And 24/7. All your files are backed up and secure in the Cloud. And so it’s perfect for when you have to work from home.