ISO 27001 | SSAE 18 SOC 2 Certified Sales: 317.275.0021 NOC: 317.275.0001
TechRepublic: Fear and loathing in shadow IT
Takeaway: Rather than continuing to fight shadow IT, consider taking a reasoned approach to understanding and adopting services that provide a compelling business benefit.
A great point of consternation in the IT press is the perceived threat of “shadow IT.” By the sound of it, one might think this involves James Bond types discussing the overthrow of governments behind your server racks, but it refers to technology that is brought into the company without IT’s approval, and generally without IT’s knowledge. CIOs are admonished to embark on a crusade to eliminate shadow IT and are told of the grave security threats it presents (and conveniently offered a raft of vendor “solutions” to deal with the problem).
While shadow IT may sound like a threat to be mitigated, this cat is not only out of the bag, but it’s your new competition. In many cases, shadow IT is everything that corporate IT is not: it’s easy to use, universally and conveniently accessible, and highly customizable, and it encourages rapid collaboration and knowledge sharing. In the simplest case, employees using “shadow IT” might copy documents to personal computers at home for editing and reading, preferring their large monitors, familiar and current software, or a favorite keyboard. On a grander scale, companies spend millions developing internal employee directories laden with corporate features, but employees turn to Facebook or LinkedIn to keep track of their internal peers. So how do you deal with shadow IT? Most companies take one of three approaches:
The Arms Race
Like it or not, shadow IT tools are now your competition, and most employees have no qualms about shopping “outside the wall” for an application or tool that will fit their legitimate business needs. A sales rep who frequently shares documents might employ dropbox, or marketing may already be all over Twitter in violation of a universally ignored policy document. Home-based workers may have even abandoned the clunky, outdated laptop you issued and be working productively on a nonapproved, nonsecured, nonmanaged workstation. Oh, the humanity!
More of the TechRepublic article from Patrick Gray