I am trying to reduce the use of 3rd part apps in my company. We are officially using JIRA for helpdesk, projects, and task management, but some people were able to acquire Asana licenses. I took over the admin account, created block domain access and sunset this software. Sadly, some people still use different apps just by using email and password to authenticate themselves. Because of that, I don't see these apps on my app request in the google admin console. How do you solve that problem? I am close to requesting a domain access report to build a list of the 200 most popular domains accessed from my network, do a cross-check with known tools, and then blacklist those. Is there a more elegant solution?
Sort by:
I feel your pain. Unfortunately, you can try to block as many domains as you can, in the end, employees will find a way.
Usually, our "oldest" (by the record of service) employees were the problem, because they didn't want to change and spread this "approach" to the new hires.
We dealt with this issue by:
- Creating clear company policies
- Implemented this issue in our Awsernes training (for new hires and annual ones)
- Posted periodic reminders
- Together with Legal informed managers about possible legal and monetary consequences for the company, so managers would look up for their teams
- For those who got caught we performed individual talks
To avoid the risk of a toxic environment I strongly recommend avoiding these things:
- Public denouncement of guilty employee
- Don't be too much of a "Police" or "Inquisition"
Eventually, in time, the number of these issues went down, however, some individuals still pops up (:facepalm:). I think this is the newer ending story, you can mitigate it but you cannot exterminate it.
Hello Janis, thank you. <br>This is precisely what we are doing right now, to the point when we hide our black sheep from the Leadership's wrath as we understand we would lose access to people asking for help.<br>My usual casually mentioned potential GDPR fine (20mln EUR) is working great in 98% of cases, but once I heard 'fine, I will use my personal Gmail to create an account in XYZ (and store corporate data)' and that left me speechless.<br>That is why I wonder if there is something obvious I missed<br><br>
Aggressive blocking may not be an good idea , it may fire back as this is not good practice. You may need to work with your management and officially come up with end of life/support for the third party tool and allow everyone else to start moving to Jira or whatever your enterprise wide adopted tools are.