Mobile devices and apps are how work gets done these days. Employees aren’t tied to their desks, work doesn’t always mean sitting down from 9-5 and meetings can take place anywhere from a coffee shop to the sidelines of a soccer game.
According to Forrester, mobile device (smartphone or tablet) adoption in the U.S. has grown24% year over year in 2015. Another report found that only 57 percent of employees are aware of their company’s security policies, which means that 43 percent or more might be actively bypassing company security policies and not even know it.

So what does that mean for businesses?
As mobile device adoption grows and the concept of work continues to change, employees are going to use the apps and devices they want to make them feel more productive – with little consideration for company policy. When employees go around policies for email access or copying sensitive enterprise data to personal devices and using consumer apps, that’s called Shadow IT.

Company security policies are often seen as too invasive, hard to understand and far less than automated into how employees work – but this situation has to improve to protect sensitive company data. To make it easier on businesses and employees, we’ve outlined a few best practices that will help businesses protect what matters by safeguarding data in use, in transit and at rest to let employees focus on their work. After all, it’s all about user experience!

  • Control Access and Educate Your Workforce – Create policies that work for your business. You can do this by getting to know your workforce. Set up regular meetings with business groups to understand their needs – met and unmet. Then, create policies based on those needs and the governance requirements of the business. And don’t forget to encrypt everything!
  • Enforce Policies To Reduce Attack Surfaces – Make sure policies don’t lose value over time by enforcing penalties for bypassing them. Reduce attack surfaces for hackers or malicious insiders by securing applications and data through virtualization, containerization and secured networking while encrypting data in use, in transit and at rest.
  • Track Behavior and Learn From It – Monitor activities on the network and within apps to stay aware of what’s going on within your business – who’s accessing data from where and when – and take action as needed. Be consistent in policy enforcement and understand the difference between compliance and security. Just because policies are compliant, doesn’t mean they measure up to today’s threat landscape or risks unique to your business.

Shadow IT can be tough to tackle because companies don’t always know what devices and apps employees are using or how they’re circumventing company policies. Following the steps we’ve outlined will help businesses get processes in place to partner with their employees to keep business information safe and private throughout the security lifecycle.

See what some of our customers have to say about how best practices to stay secure have worked for them on our Citrix Synergy Innovation Awards Winners page. To learn more about privacy, security and compliance, visit
“Business Technographics Devices and Security Workforce Survey, 2014,” Forrester Research, Inc.
“Business Technographics Telecom and Mobility Workforce Survey 2015,” Forrester Research, Inc.