Applications have allowed enterprises big and small to become powerful and nimble competitors, and the rise in SaaS and Cloud applications being used has led to the evolution of IT departments. These departments are becoming more focused on development, management, and support, as well as strategic initiatives like scaling up their infrastructure than they are on simple infrastructure management.
But, there’s a downside– the explosion of the use of applications in business has led to some unique challenges for IT that may not be on their radar. For example, as we covered last month, your company’s customers may be expecting you to have a sustainable IT strategy and the more compute power you use, the greater your carbon footprint.
Additionally, if you host these applications on your servers, your data center or colo costs could increase. And with the rising cost of energy and potential energy availability issues, as we discussed on a recent episode of our podcast “The Power of Power” (episode 1), could put your budget and operations at risk.
But that’s just the tip of the iceberg. There are three additional risks that the expanding app stack can bring. Let’s take a look at the challenges of leveraging too many software tools and apps, and how you can mitigate the risks that come from having a sprawling app stack.
Risk 1. Too Many Apps Creates User Fatigue
A typical employee’s workday can start with logging in and checking email in their Outlook or Gmail app. Then, of course, they probably have meetings with Zoom or Teams or both. They may also get alerts in chat from Teams, Google Chat, or Slack. They most likely work in Word and Excel, maybe a project management software, or finance software, CRM, DocuSign, or a department-specific platform for a good portion of their day. Their department probably has specific line of business software they use as well. And probably a number of duplicative and additional apps on company mobile devices. You get the idea.
Employees have too many applications to keep up with. In fact, they can spend almost as much time learning and keeping up with functionality changes than doing actual work. It’s all too easy for them to get frustrated by inconsistent user experiences and changing apps, varying support protocols, and more. When adopting new applications without being strategic in your curation, you pay for the negative experience of your end users within the enterprise. That frustration impacts you, too.
To fight app fatigue, be judicious and considerate in your choice to take on a new application. Do you need to have multiple areas for communication, or is there a single solution that provides all of the necessary features? Can a ticketing system and CRM be in one platform? Can you use the functionality of an app across all departments, instead of assigning a different one to each? Is it even truly needed?
If you have to add more applications to your stack, take the necessary measures to make it easy for users. Vet options with multiple functionalities that can be used by multiple departments, making for easy and smooth implementation. Ensure that the app is a long-sighted solution, not a quick fix that will be discarded shortly after onboarding is finally complete.
Another helpful idea is to maintain an SSO (Single Sign On) option that allows a single set of credentials to authenticate multiple apps, saving time and effort in sign-on.
Risk 2. Security Issues Can Multiply
Behavioral engineering schemes thrive in an environment where users are exhausted. There’s the issue of duplicate passwords and systems with flimsy authentication practices, and other potential threat vectors– more apps (and a lack of proper understanding of these apps) means more opportunities to phish for credentials and leverage them across platforms. These and other issues that exploit human nature can create huge gaps in your security posture.
Beyond the issue of behavioral engineering is the simple concept that, the more apps you accrue, the more exposure to attacks you end up with. Having many third-party apps means you are also at the mercy of their security practices, and they may be much bigger targets than you. Last year, Apple experienced a series of zero-day attack vulnerabilities, marketing tool BeetleEye exposed 7 million people’s data with an AWS S3 bucket mistake, online appointment tool FlexBooker experienced a data breach exposing 3.75 million users, and Zoom raced to fix four security vulnerabilities that could have spelled disaster for its huge user base. In the latter example, Zoom did exactly the thing you hope your vendors will do. They found the vulnerabilities and addressed them proactively before damage was done.
Any third-party app you use will increase your footprint to threat vectors. And, third party cloud apps are popular targets themselves. Be strategic and discerning as you grow your app ecosystem, and put your third-party cloud vendors through the ringer about their security protocols before you sign up. Even if the vendors pass a rigorous test, and you think you’ve chosen a bulletproof app, put the right policies in place (2FA, SSO, and others) to protect yourself and your users– because even if you’re doing everything right, you can’t discount that others may not do the same.
Risk 3. Shadow IT
Risks do not end with the adoption of new apps. Shadow IT refers to employees signing up for new apps and implementing software without the knowledge or approval from IT. The ubiquity of apps means that line of business leaders and individual users can spin up an instance of an app they want without going through IT. It happens across departments; the sales team may sign up for a new application to integrate with their CRM, the finance team might onboard a SaaS app under the table, or the marketing team may take on a new SEO software. These changes happen outside of IT, and they happen a lot more than you think.
You probably know why this is a problem, and you may be wondering if it’s a problem at your organization right now. With disparate applications operating without management and monitoring from IT, nor being subject to company-wide policies and security measures, new threats are opening with no defense in place in case of emergencies.
Instead of arbitrarily independently making choices for each department about what apps they can and cannot use, take input from team members about what functionality they really need, what features ditched they can go without, and what is wreaking the most havoc on their work day. It’s natural for people to seek a solution to a nagging problem; so if you’re providing option A, a glitchy and non-user-friendly CRM software to sales, and they want option B instead, they may purchase it themselves instead of trying to get layers of approvals. Be receptive to the wants, needs, and opinions of your departments, and ensure that all of the options on the table are considered with them in mind.
Get Back to Basics
It’s our strong recommendation that IT be focused and intentional about adopting new applications. There’s a lot of pressure on IT leaders today to be on top of the ball with what’s new and shiny, and sometimes this leads to quick decisions or shortsighted ideas that later burn out in big ways.
As app sprawl continues, so does the frustration of your employees and the IT team trying to juggle all of the additions. As the app stack increases, so does the potential for a cyberattack. It’s time to be mindful and considerate in your choices to help ensure a productive, safe, and user-friendly experience on all of the apps you utilize.
Working with UPSTACK provides you with resources that can help you keep a bird’s eye view of your app stack and be strategic about the apps you deploy. We help you identify and mitigate the risks that can come from application sprawl. Reach out to UPSTACK today.