Five Ways to Shine a Light on Shadow IT - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IT Leadership
09:00 AM
Vineet Misra, CIO, Lifesize
Vineet Misra, CIO, Lifesize

Five Ways to Shine a Light on Shadow IT

Rather than resist shadow IT, CIOs can work as partners with the departments that are running the applications, keeping company data safe and secure.

Today’s fast-paced work environment finds employees striving to improve efficiency, productivity and communication. In an attempt to excel at work, they often use applications, services, data storage and sharing beyond IT’s approval. This practice — known as shadow IT — is having an obvious impact on technical support teams by undercutting sound governance and reducing operational efficiencies.

According to Gartner, by 2020, one-third of security breaches will be because of shadow IT.

Image: Bykst/Pixabay
Image: Bykst/Pixabay

There are five ways, though, that IT can become a trusted ally across an organization and build a plan of action against the security vulnerabilities and unnecessary costs of Shadow IT.

  1. Seek out the biggest shadow IT opportunities. Information is knowledge and knowledge is power. Take inventory of who is using what programs across the company. With this information, IT can then assess potential issues and make appropriate changes. Monitor closely to see if any new and unknown tools or applications pop up in regular scans. Depending on results, an enterprise-wide vulnerability scan may be necessary. Network sniffers and security scanning tools can provide detailed information on new and unknown data streams. While monitoring does not remove the threats of shadow IT, it does provide the IT department with better insights and the ability to start risk assessments or research alternative solutions.
  2. Assess security and efficiency risks and provide suitable alternatives. Take advantage of creating an open dialogue with your colleagues — your internal customers — across the company. Listen to their feedback, learn more about the problems they’re trying to solve, and be willing to provide input on which tools may be a security concern, and offer an alternative. I once had a request to review a tool that was already approved and deployed by another department in the organization. In this case, it was a lot easier (and a lot cheaper) to adjust our plan to add a few more licenses than it would have been to initiate a whole new contract.
  3. Encourage employees to come forward with their requirements. Let’s look at supporting teleworkers as an example. If you don’t have an IT-approved way of enabling employees to work remotely, it is almost certain they will find a way to do so on their own. That’s when things get tricky. There is a tendency for IT organizations to not be very open to new requirements needed by employees to do their job. IT should offer a safe haven for those employees and departments to come forth with their requirements and even suggest possible solutions that they would like to see implemented. By working together, IT can then take a look at the programs, determine the risk and offer comparable solutions, where needed, to achieve beneficial outcomes for all.
  4. Vineet Misra, CIO, Lifesize
    Vineet Misra, CIO, Lifesize

  5. Become more involved in the application selection process. This truly comes down to trust and relationships. It is important for IT to build a rapport with every department head and meet regularly to discuss their technology strategy. Establishing an open dialogue between departments and the IT organization helps to remove the “us” versus “them” notion and makes technology transparency and potential risks of adopting unapproved technologies less of an issue. Having a seat at the table in the strategic planning stage will reduce most surprises around shadow IT down the road.
  6. Keep in mind that not all shadow IT is bad. It is very possible that not everything you discover when mitigating shadow IT is bad. The tools you discover are truly the voice of the customer, showing you what teams really need to be successful. It even may be that these applications can be beneficial to other departments. Be open to feedback from department heads and work together to have IT be part of the strategic planning for the department and company from the beginning.

The bottom line is that shadow IT doesn’t have to be prevalent if there is open communication between IT and its customers. Employees typically engage in shadow IT because they think it will save time and money by not involving IT in the approval process for the technology they want to use to be more efficient. In reality, going around IT just bypasses the critical management, integration, security, and compliance requirements, related safeguards they support. While it may take a bit of time, additional due diligence and even a bit of hand-holding make it possible to mitigate the risk of shadow IT and safeguard the security, profitability and efficiency of the entire company.

Vineet Misra is a tech enthusiast leading transformational corporate IT, cloud operations, security and business intelligence programs as CIO at Lifesize. For more than 20 years, his goal has been to enhance the role of IT to be more efficient, strategic and flexible within an organization.

The InformationWeek community brings together IT practitioners and industry experts with IT advice, education, and opinions. We strive to highlight technology executives and subject matter experts and use their knowledge and experiences to help our audience of IT ... View Full Bio
We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
InformationWeek Is Getting an Upgrade!

Find out more about our plans to improve the look, functionality, and performance of the InformationWeek site in the coming months.

Becoming a Self-Taught Cybersecurity Pro
Jessica Davis, Senior Editor, Enterprise Apps,  6/9/2021
Ancestry's DevOps Strategy to Control Its CI/CD Pipeline
Joao-Pierre S. Ruth, Senior Writer,  6/4/2021
IT Leadership: 10 Ways to Unleash Enterprise Innovation
Lisa Morgan, Freelance Writer,  6/8/2021
White Papers
Register for InformationWeek Newsletters
2021 State of ITOps and SecOps Report
2021 State of ITOps and SecOps Report
This new report from InformationWeek explores what we've learned over the past year, critical trends around ITOps and SecOps, and where leaders are focusing their time and efforts to support a growing digital economy. Download it today!
Current Issue
Planning Your Digital Transformation Roadmap
Download this report to learn about the latest technologies and best practices or ensuring a successful transition from outdated business transformation tactics.
Flash Poll