Here’s a scenario for you: Let’s say you’re the CIO, and you find out that a small contingent of your staff has introduced a new tech tool into their workflows without bothering to tell you. How do you handle that kind of broadside?

If you answered, “This is basically happening all the time,” you’re in the same boat as a lot of IT folks these days. It’s probably a source of some pretty big headaches, because it’s another way that you’re losing control over your top-down strategy.

But what if I were to tell you it might be happening so often, so blatantly, that your policies are starting to look like the slice of Swiss cheese in the photo above? Sorry to be the bearer of bad news, but a recent piece over at IT World Canada plays up the direness of the situation in a brow-furrowing way.

Richard McConnell, IT director at a Canadian law firm, told the publication that an internal review of the “shadow IT” being used in the firm “produced some fairly startling results. We’re still surfing through the data. As a ballpark, [what’s being used] is in the area of hundreds of cloud services.”

But the article did me proud, because it suggested a better solution than closing off networks to services that are actually useful to employees—instead, it recommended figuring out ways to enable and support users relying on cloud-based tools like Dropbox and Evernote, or productivity tools like Trello or Google Docs.

Cloud Apps Everywhere

If you’re an IT person, you may be rolling your eyes at this suggestion, but you really shouldn’t—because there’s a good chance you’re severely underestimating how much unauthorized cloud apps have penetrated your workforce. A couple stats to consider:

A January report from Netskope suggests that, on average, enterprises have 397 unauthorized cloud apps being used in their offices—roughly 10 times the number IT staffers estimated. An updated report from July brought the number up to 508 and noted that 88 percent of such apps aren’t up to enterprise standards.

A separate report from Skyhigh Networks found 3,816 unique cloud services [PDF] in use among its customers, organizations ranging in size from 506 to more than 200,000 employees. Most of these services did not include basic security features that would bring them up to enterprise standards. While it tracked a higher average number of cloud services in use than Netskope did—738, as of the second quarter of 2014—it was down from the prior quarter, a change that Skyhigh attributed to better policies.

What’s interesting about both of these studies is that they give consumer-grade apps a spot at the table—putting Twitter and Dropbox on the same terms as Salesforce and Box. In its study, Skyhigh emphasizes that these products do have proper uses in the enterprise.

“However, consumer apps can present real risks to enterprises,” the firm says in its report. “Data loss in consumer apps can occur due to malware or insider threat.”

Don’t Say “No.” Say “Yes, But …”

Now, sure, it’d be great to get everyone working on the same software as a service (SaaS) platforms—for tech folks, the benefits of a consistent strategy would speak for themselves. But when your employees are finding big productivity benefits from apps they spotted on the internet and started using on a whim, you could be setting yourself up for some tough conversations by becoming the “party of no.”

Some IT departments already find themselves denying requests left and right, and let’s face it—it just kind of ticks non-infrastructure people off after a while.

The solution to the Swiss cheese problem of “shadow IT” is often to educate users and get analytics on how apps are actually being used in the office. In certain spaces, such as healthcare, regulations prevent you from throwing information up into the cloud all willy-nilly.

But there has to be a balance here. Instead of seeing these apps as a problem in need of reining in, SkyHigh CEO Rajiv Gupta suggests that IT folks enable users to use these kind of productivity tools—because if they don’t, they’ll find their policies quickly ignored.

“Employees are asking for the usability and flexibility in office applications that they can get from existing cloud services. And if they don’t get it, they will use it anyway,” Gupta told IT World Canada.

Plugging all the holes in a slice of Swiss cheese is futile, especially when you could be spending that time actually eating it.

(iStock/Thinkstock)