Whether you realize it or not, many companies contain workstations with software that is not approved by the information technology (IT) department; instead, it has been adopted and installed by individuals or even, in some cases, entire departments. We call this use of unapproved applications or third party cloud services \u2018Shadow IT\u2019 due to its clandestine or covert status.\n\n\nMore often than not, these activities are not malicious in nature: they are merely a means of maintaining productivity when IT response times to support requests are sadly lacking. One key - and often overlooked - aspect of shadow IT is found in development environments where some users\/developers are using public clouds to do development work, or running their own open source software in a virtual machine (VM) on someone else\u2019s cloud.\n\n\nThe dark side of shadow IT\n\n\nUsers and developers often don\u2019t realize the ramifications of using shadow IT. For instance, they don\u2019t consider the fact that shadow IT:\n\n\nPlaces development work outside their company\u2019s firewalls, leaving company-sensitive data totally exposed.\nCan result in serious damages in the event of an e-discovery requirement if companies are unaware of all the locations their data resides.\nSets the stage for asset management and software licensing issues.\n\n\nThis isn\u2019t something to shrug off with the old quip \u201cit\u2019s easier to ask for forgiveness than permission.\u201d There is a real reason why IT policy prohibits shadow IT activities.\n\n\nA wake-up call for IT departments everywhere\n\n\nAlthough users and developers are the ones gravitating toward shadow IT, they aren\u2019t actually the source of the problem. In many ways, IT departments are causing their own security issues as inefficient response times force employees to find timely alternatives to maintain their own productivity goals.\n\n\nIT needs to wake up and understand that business as usual \u2013 where the IT department receives a request and takes six weeks to complete it \u2013 is no longer acceptable. During those six weeks, rather than wait, employees are going to find their own solutions, which may include shadow IT implementation.\n\n\nLocking down desktops or preventing access to the Web will not deter shadow IT, as employees will often find workarounds. Yes, we have to improve IT turnaround, but even an improvement of 50 percent would mean that requests would take three weeks, which is still too long. We need to find a better way.\n\n\nLeveraging a new approach\n\n\nIT therefore needs to think about doing business differently if they want to remove shadow IT and get rid of the security implications of putting corporate data on unsecured platforms on the Web. The ideal answer is to find a cloud provider with reasonable pricing where IT can lock that cloud down to their standards or, alternatively, to create their own internal cloud that is self-served, where they can charge back to the department or employees as resources are used.\n\n\nThe benefits of this approach are obvious:\n\n\nWhen a company has their own interface to an approved cloud, there is a measure of control that does not allow data loss in the same manner as experienced in the public cloud. In other words, the company gains control of its data, as it can only be shared with members of the same organization or even project team.\nHaving a self-service cloud solution gives you the ability to specify how long a virtual machine will run. This is especially important in the development environment, where a specific platform may only be required for a few days.\nThe self-service environment is ideal for training, with predefined training environments configured and installed in minutes.\nIf you have a virtual machine in your own cloud, you can control the data that goes in and out and can also review traffic logs where necessary, i.e., in the event of a hack.\nIn a self-service environment, if a developer requires an image for a particular operating system, licensing requirements are automatically catered for and charged to the relevant department. This may not be the case in a public environment, as users will tend to use whatever software installation disks are lying around, increasing the risk of noncompliance for software licensing. Therefore, with the elimination of shadow IT, asset management and software licensing becomes easier to manage.\nThe final \u2013 and perhaps the most crucial \u2013 benefit to removing shadow IT is that it allows the IT department to focus on business critical processes, rather than endlessly supporting trivial requests from end-users.\n\n\nIf IT does not provide the tools necessary for development work, developers and other end-users will find solutions elsewhere. The onus is on IT to eliminate the situation by providing a software repository that meets all employee requirements, thereby preventing them from going outside the company to get their work done.\n\n\nThis article was previously published on Forbes.com.