Now that you know about Shadow IT, what are you supposed to do about it? We’re glad you asked. Here are three simple steps you can take to control—and embrace—Shadow IT. (Because trust us, it ain’t going away.)

Step 1: Discovery

First, you need to figure out what cloud applications and services your employees are using, who is using them, what data is being transferred to and from them (does it contain sensitive or regulated information, like PCI or PII?), and how often. To do this you will most likely need to employ a third party service or device like Cloud Access Monitor, which can be done on-site or remotely.

Step 2: Monitor

Just like any scientist, teacher, or problem-solver will tell you, you must first gather information before you can draw a conclusion. In this case, you need to understand and analyze what’s happening with your data so you can decide what to do next. You need to separate the good IT from the bad IT, the light from the dark, the safe from the risky. The best way to do this is by passively monitoring all network traffic, 24/7, to see cloud usage, and determine risk.

Step 3: Control

Ok so now you know what cloud apps are being used, who’s using them, and what data is passing to and from them. It’s time to do something about it. You need to set your policy for which apps are ok to use and which are not ok. Anytime you detect usage of a non-approved app, let the user know that you have a new policy in place to safeguard your data, and kindly direct them to an approved cloud app. (Hint: don’t be a jerk. People don’t like jerks.) You should also block the non-approved app by sending a message to your firewall—you can do this

And look, just like that you’re embracing the dark side, you’re still in the cloud, and you’re back in control. Bam.

For a quick way to take care of all three steps, check out Cloud Access Monitor. (Really, go check it out…you will be impressed!)