Rather than resist shadow IT, CIOs can work as partners with the departments that are running the applications, keeping company data safe and secure.

Guest Commentary, Guest Commentary

April 3, 2017

4 Min Read
Image: Bykst/Pixabay

Today’s fast-paced work environment finds employees striving to improve efficiency, productivity and communication. In an attempt to excel at work, they often use applications, services, data storage and sharing beyond IT’s approval. This practice — known as shadow IT — is having an obvious impact on technical support teams by undercutting sound governance and reducing operational efficiencies.

According to Gartner, by 2020, one-third of security breaches will be because of shadow IT.

There are five ways, though, that IT can become a trusted ally across an organization and build a plan of action against the security vulnerabilities and unnecessary costs of Shadow IT.

  1. Seek out the biggest shadow IT opportunities. Information is knowledge and knowledge is power. Take inventory of who is using what programs across the company. With this information, IT can then assess potential issues and make appropriate changes. Monitor closely to see if any new and unknown tools or applications pop up in regular scans. Depending on results, an enterprise-wide vulnerability scan may be necessary. Network sniffers and security scanning tools can provide detailed information on new and unknown data streams. While monitoring does not remove the threats of shadow IT, it does provide the IT department with better insights and the ability to start risk assessments or research alternative solutions.

  2. Assess security and efficiency risks and provide suitable alternatives. Take advantage of creating an open dialogue with your colleagues — your internal customers — across the company. Listen to their feedback, learn more about the problems they’re trying to solve, and be willing to provide input on which tools may be a security concern, and offer an alternative. I once had a request to review a tool that was already approved and deployed by another department in the organization. In this case, it was a lot easier (and a lot cheaper) to adjust our plan to add a few more licenses than it would have been to initiate a whole new contract.

  3. Encourage employees to come forward with their requirements. Let’s look at supporting teleworkers as an example. If you don’t have an IT-approved way of enabling employees to work remotely, it is almost certain they will find a way to do so on their own. That’s when things get tricky. There is a tendency for IT organizations to not be very open to new requirements needed by employees to do their job. IT should offer a safe haven for those employees and departments to come forth with their requirements and even suggest possible solutions that they would like to see implemented. By working together, IT can then take a look at the programs, determine the risk and offer comparable solutions, where needed, to achieve beneficial outcomes for all.

  4. Vineet-Misra-CIO-Lifesize.jpg

    Vineet Misra, CIO, Lifesize

  5. Become more involved in the application selection process. This truly comes down to trust and relationships. It is important for IT to build a rapport with every department head and meet regularly to discuss their technology strategy. Establishing an open dialogue between departments and the IT organization helps to remove the “us” versus “them” notion and makes technology transparency and potential risks of adopting unapproved technologies less of an issue. Having a seat at the table in the strategic planning stage will reduce most surprises around shadow IT down the road.

  6. Keep in mind that not all shadow IT is bad. It is very possible that not everything you discover when mitigating shadow IT is bad. The tools you discover are truly the voice of the customer, showing you what teams really need to be successful. It even may be that these applications can be beneficial to other departments. Be open to feedback from department heads and work together to have IT be part of the strategic planning for the department and company from the beginning.

The bottom line is that shadow IT doesn’t have to be prevalent if there is open communication between IT and its customers. Employees typically engage in shadow IT because they think it will save time and money by not involving IT in the approval process for the technology they want to use to be more efficient. In reality, going around IT just bypasses the critical management, integration, security, and compliance requirements, related safeguards they support. While it may take a bit of time, additional due diligence and even a bit of hand-holding make it possible to mitigate the risk of shadow IT and safeguard the security, profitability and efficiency of the entire company.

Vineet Misra is a tech enthusiast leading transformational corporate IT, cloud operations, security and business intelligence programs as CIO at Lifesize. For more than 20 years, his goal has been to enhance the role of IT to be more efficient, strategic and flexible within an organization.

About the Author(s)

Guest Commentary

Guest Commentary

Guest Commentary

The InformationWeek community brings together IT practitioners and industry experts with IT advice, education, and opinions. We strive to highlight technology executives and subject matter experts and use their knowledge and experiences to help our audience of IT professionals in a meaningful way. We publish Guest Commentaries from IT practitioners, industry analysts, technology evangelists, and researchers in the field. We are focusing on four main topics: cloud computing; DevOps; data and analytics; and IT leadership and career development. We aim to offer objective, practical advice to our audience on those topics from people who have deep experience in these topics and know the ropes. Guest Commentaries must be vendor neutral. We don't publish articles that promote the writer's company or product.

See more from Guest Commentary
Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.
SIGN-UP

You May Also Like

More Insights
Webinars
More Webinars
Reports
More Reports

Editor's Choice

NHL's Calgary Flames at New Jersey Devils on February 8, 2024 in Newark, NJ
IT Infrastructure
NHL, Presidio, and a Transformation Power Move with Hybrid CloudNHL, Presidio, and a Transformation Power Move with Hybrid Cloud
byJoao-Pierre S. Ruth
Apr 5, 2024
6 Min Read
Online Privacy Security Threat Abstract Background Art
Cyber Resilience
Cyber Risks When Job Hunters Become the HuntedCyber Risks When Job Hunters Become the Hunted
byCarrie Pallardy
Apr 9, 2024
9 Min Read
Business innovative solution and creative concept as a paper boat tied to a light bulb
IT Leadership
9 Ways to Ensure Continuous Innovation9 Ways to Ensure Continuous Innovation
byLisa Morgan
Apr 2, 2024
9 Slides
Hand charging an electric car, leaves and butterflies emerge from the cars exhaust, idea of sustainable transportation. Green energy, eco friendly
Sustainability
Sustainable Transportation Takes OffSustainable Transportation Takes Off
bySamuel Greengard
Mar 26, 2024
5 Min Read
Robotic hand takes a slice out of a coin, representing money
Machine Learning & AI
Special Report: What's Next for the GenAI Market in 2024?Special Report: What's Next for the GenAI Market in 2024
bySara Peters
Mar 12, 2024
3 Min Read
Webinars
More Webinars
White Papers
More White Papers
Live Events
More Live Events
Reports
More Reports
May 2, 2024
While there are plentiful options in cyber resiliency and business continuity tools and platforms, there isn’t one that can knock out everything from sudden cloud outages to prolonged ransomware attacks in a single punch. What can you do to keep the company on its feet no matter what is thrown at it? Find out in this new virtual event.
Reserve Your Seat Now