Cloud, Events, General, Security

How to Prevent Shadow IT by Fostering Three Values

Hacker

Shadow IT is the unapproved usage or development of information technology systems, devices and services. This can cause security issues such as backdoors into your business, create infighting between employees, or have legal ramifications. If you want to prevent employees from casting IT shadows at your organization, focus on 3 strong values: enablement, transparency, and partnership.

Everyday Cloud Use

Here is what is great about the cloud: employees have immediate access to a broad range of productivity software and essentially limitless resources delivered through multiply redundant virtual machines, without having to clear everything with IT. Here is what is not so great: employee have immediate access to these at the workplace without having to clear everything with IT.

The recent case of Hillary Clinton operating her own private email server out of her house for official State Department correspondence has brought the concept of shadow IT into the light. While cloud-delivered software-as-a-service (SaaS) apps such as Dropbox seem to be (by far) the most prevalent form of shadow IT, Clinton’s system similarly existed outside the infrastructure of her institution.

As we pointed out in our exploration of the Clinton case, Shadow IT is incredibly prevalent. It’s so prevalent, in fact, that Gartner Research analyst Simon Mingay argues we should “engage with [shadow IT] and adopt practices that will exploit it as a delivery mechanism, albeit with some guardrails and clarification of accountability to mitigate the risks and enhance the value.” In other words, you don’t have to outlaw shadow IT but should scale it back to prevent legal and security issues.

A Struggle for Control

How does reliance on shadow IT begin? Once upon a time, IT departments used to be completely in charge of computing within the enterprise. No matter what department people were in, the IT department was the only way for them to get the electronic services they needed.

The flexibility and deployment simplicity of the internet and computers in the modern age have accelerated shadow IT. As suggested above, it’s too easy to say that it’s negative. As Anjali Acharya suggested in Forbes​BrandVoice, SaaS tools allow employees to optimize speed and efficiency while not having to wait for a green light from IT.

Shadow IT results in “application sprawl” as various departments go out and get something that makes sense for their immediate purposes. Plus, too often, productivity and toxic work cultures trumps security and good values. In fact, a survey conducted by Skyhigh for the Cloud Security Alliance determined that leadership at more than three out of every four companies consider cloud security to be a top business priority.

Value #1 – Enablement

The role of IT leadership is to provide technology frameworks and an operating model to facilitate but not throttle innovation. IT departments need to understand the needs of the business and see where tech associated with shadow IT would meet these needs.

Rather than excising the accounts and applications of shadow IT, it should be properly assessed and integrated into procedures. Give your employees access to the services and resources that will help them excel, and don’t obsess over security upfront.

By deploying a blend of public and private systems, you could create an environment that is ideal for self-servicing and collaboration. Now, the workforce is less inclined to dodge IT to meet its needs. At the same time, IT is aware of private systems being used and can take them into consideration. Moreover, now that employees can be managed remotely through cloud services and applications such as workforce management software, IT can function more efficiently and effectively without worrying about cybersecurity.

Value #2 – Transparency

Many people’s eyes glaze over when you start to talk about growth, targets, and computing in your company. Part of the reason is because the human element often gets stripped away from the code and machines. Do your best to find common ground by being transparent.

If you can be open and transparent and say, ‘hey, this need to change,’ whilst listening when others say the same – you’ll have a better relationship with your IT department and employees. You don’t want employees going behind managers’ backs to make deadlines meet. At the same time managers have to understand current limitations and risks and openly acknowledge them in order to overcome them.

With the rise of cloud computing, corperate perspective toward IT has adapted and can be made up of three components:

  • IT controlled by business divisions
  • IT controlled by IT
  • IT with shared control.

While you won’t control all the systems in the model advocated you can provide information to all employees so that everyone is dedicated to reasonable guidelines.

Value #3 – Partnership

You want your organization’s technological environment to be characterized by partnership rather then “we-they” infighting. Again, you do not want departments going behind each other’s backs or creating secular bubbles where trust and cooperativeness are seldom found outside.

Your main goal with this value is to keep communication channels open and morale high. Neither side should want to point fingers when issues arise because you’ve created a culture of mutuality or survivalism in the workplace.

Fostering a positive work environment that rewards communication and collaboration can be an effective way to foster partnership. This can be achieved by adhering to the first two values discussed, but there are other methods. For example, you could integrate a gift card API reward scheme for employees that show the spirit of collaboration.

Congdon of RedHat says that in his business he tends to think of his employees as problem-solvers and includes them in IT decisions. When a new application or infrastructural approach is identified, the whole department looks it over and determines if it makes sense from a business perspective.

Once that aspect is satisfied, the IT department reviews the solution by price-checking, running a risk assessment, and evaluating potential challenges of integration. If the tool passes from both a business and IT standpoint, it is incorporated. The benefit of this procedure is that employees start seeing IT and management are ‘on their side, and have increased confidence and trust in them.

Providers Who Share Your Vision

To tackle shadow IT, you want the business side to appreciate the tech side for its consultative expertise characterized by values of enablement, transparency, and partnership.

If you want to consistently deliver on those values, it’s best to work with providers who share your vision. A customer-centric IaaS provider that forms transparent partnerships with between, employees, managers, and clients could enable their success.

By Kent Roberts