Bring Your Own Cloud (BYOC) and Bring Your Own Device (BYOD) have changed the way that people work by putting users in control of their productivity. Employees can now obtain the capabilities they want, when they want and for as long as they want, without having to wait for IT to build it. And with tangible improvement in convenience and productivity there is no turning back now.
This is bad news for IT because this parallel IT environment, typically known as “Shadow IT,” is being created without consulting with and often without even informing IT. Suddenly, IT personnel are being asked to support technologies they have neither tested nor approved. And worse, in some cases, these technologies can violate compliance mandates and can introduce unknown Vulnerabilities. So what should IT do? Should they ignore it and hope it goes away or should they put a stop to it and be viewed as an impediment to progress?
Neither is a good option! “Shadow IT” is not going away and given the distinct benefits of agility and productivity, stifling this movement is clearly not in anyone’s best interest. IT needs to embrace “Shadow IT” but ensure that the interests of the organization are not compromised. And the best way to manage “Shadow IT” it is by making your IT an integral part of the value chain.
The following are five tips for managing “Shadow IT” in the enterprise that allow businesses to take advantage of emerging technologies and IT to be able to understand and control what is added to the environment.
The first step in overcoming “Shadow IT” is to identify it. Without insight into what tools users are purchasing and using at work, it’s impossible to know how to manage them. The second is controlling it. This may be accomplished through a combination of Whitelists, whereby unauthorized applications cannot be run on company issued IT assets, and notification tools that alert IT if someone does attempt to run an unauthorized app.
In order to accommodate the needs of the Business Unit (BU), IT can create and share a list of approved software and applications beyond the standard issue software. This would serve as a cheat sheet for business units making their own purchase decisions. By following the list, the BU would be pre-authorized to make a purchase and IT is assured that the introduction does not cause security risks or compatibility issues. IT should also put a process in place that allows them to quickly approve/disapprove new applications actively sought by Business Units.
Actively communicate your Business Continuity/Disaster Recovery/Data Security and other policies so that BUs, choosing to rely on outside providers for their services, can negotiate SLAs that meet or exceed the internal availability and performance expectations. Create templates so that the BU decision makers are asking the right questions such as: “In the event of a failure of the SaaS app or hosted technology, is the data backed up? Can the data and business workflow be recovered somewhere else?”
Creating policies in a vacuum makes it nearly impossible for sys-admins to properly manage the performance and resource issues of day-to-day operations, let alone “Shadow IT.” By implementing a strategy across the entire organization, you empower employees to come out of the shadows, and to report issues subsequent of “Shadow IT,” such as a network slowdown, and alert IT.
Deploy tools that enable you to monitor services running outside your physical environment, encourage your Business Unit IT professionals to use these tools. By unifying your solutions, you not only simplify the management of your infrastructure, you achieve greater insight into how your resources are being used to ultimately reduce mean time to resolve (MTTR) problems.
With some proactive readjusting, IT can enable users while mitigating and minimizing the risks that are often associated with third-party apps and services in the Workplace. This ultimately will help to bring users out of the shadows of “Shadow IT.”
By Deepak Kanwar, Senior Manager, Zenoss
