Shadow IT Puppets

Your law firm employees are using cloud services without your knowledge.

Shadow Puppet Image provided by Wikimedia under the Creative Commons Attribution 3.0 License.

In a recent survey, 61% of businesses had employees who created a mobile app for use at the office in 2015, without any input, help, or even awareness by their IT department. These rogue employees are using the growing breed of cloud apps that build custom software. IT security consultants call these quasi-authorized apps “Shadow IT.” Employees are building Shadow IT apps that replace paper forms and manual processes, and they’re doing it in a matter of hours. That client intake checklist you’ve relied upon for over a decade? It’s been replaced with a Google Apps for Business digital form and spreadsheet.

Your firm is using these apps already; you just didn’t realize it.

I’m to blame for this.

At Clio, we’ve posted several guides on how to build similar app integrations. We’ve hosted webinars on automating you law firm. We post our API publicly, so that your tech-savvy employees can build their own versions of Clio. We’re making it easy for your law firm colleagues to build their own tools, automate their own tasks, and speed up their productivity.

Interconnectivity functions are going to be the bedrock of the next generation of legal technology. Legal tech will not just connect vertically, like when “Wexis” overcharges you to connect their tools together, but also horizontally between providers. Right now, any legal technology provider or law firm can build an integration with Clio. A legal ecosystem is being built that let’s specialized tools connect with firm management, playing to the strengths of each tool.

The downside to this interconnectivity is that your information proliferates, ending up in places you may not even realize exist. The chance of inadvertent disclosure grows with each new app plugged into your office IT. Privacy and confidentiality concerns grow exponentially when you think of apps plugging into apps, plugging into yet more apps. Without strong oversight, your data can end up anywhere.

So, what should you do when law firm employees can build new IT infrastructure whenever they feel like it?

First, encourage your employees to build this type of tool. The worst thing you can do is make them feel like they have to hide this activity from you. They’re going to be building Shadow IT anyway. You want them to be able to brag about the improvements they’ve designed, rather than hiding their screens from you when you approach. Participation is your best means of getting insight into when employees are plugging tools together. These discussions also let you give feedback and perform due diligence on the systems being built. You can quickly determine what combinations are beneficial, and which are risky.

Second, make sure your tools have adequate logging and reports. Even if an employee doesn’t tell you about their latest SaaS solution of the week, you want to see when new tools plug into your current ones. Token requests, API connections, and even credit card charges give you insight into what your employees are doing behind your back. Periodically reviewing your IT infrastructure is now a fact of modern legal practice.

Third, examine which parts of the firm’s workflow is holding people back. Most Shadow IT is being built because people know that better methods exist. We prefer to use tools that make work easier. Choose IT infrastructure with ease-of-use as a feature. Odds are your employees will like the tools provided. They won’t feel the need to build their own guerilla workflows.

It’s never been easier to build new software. To your employees, that’s a good thing. To you, it’s a potential nightmare. Don’t let Shadow IT catch you in the dark.

One clap, two clap, three clap, forty?

By clapping more or less, you can signal to us which stories really stand out.