What Is Shadow IT? And How Can We Manage It Efficiently?

What Is Shadow IT?

Bring Your Own Cloud (BYOC) and Bring Your Own Device (BYOD) have changed the way that people work by putting users in control of their productivity. Employees can now obtain the capabilities they want, when they want and for as long as they want, without having to wait for IT to build it. And with tangible improvement in convenience and productivity there is no turning back now.

This is bad news for IT because this parallel IT environment, typically known as “Shadow IT,” is being created without consulting with and often without even informing IT. Suddenly, IT personnel are being asked to support technologies they have neither tested nor approved. And worse, in some cases, these technologies can violate compliance mandates and can introduce unknown Vulnerabilities. So what should IT do? Should they ignore it and hope it goes away or should they put a stop to it and be viewed as an impediment to progress?

Neither is a good option! “Shadow IT” is not going away and given the distinct benefits of agility and productivity, stifling this movement is clearly not in anyone’s best interest. IT needs to embrace “Shadow IT” but ensure that the interests of the organization are not compromised. And the best way to manage “Shadow IT” it is by making your IT an integral part of the value chain.

The following are five tips for managing “Shadow IT” in the enterprise that allow businesses to take advantage of emerging technologies and IT to be able to understand and control what is added to the environment.

1: Identify ”Shadow IT”

The first step in overcoming “Shadow IT” is to identify it. Without insight into what tools users are purchasing and using at work, it’s impossible to know how to manage them. The second is controlling it. This may be accomplished through a combination of Whitelists, whereby unauthorized applications cannot be run on company issued IT assets, and notification tools that alert IT if someone does attempt to run an unauthorized app.

2: Accommodate the needs of the BU

In order to accommodate the needs of the Business Unit (BU), IT can create and share a list of approved software and applications beyond the standard issue software. This would serve as a cheat sheet for business units making their own purchase decisions. By following the list, the BU would be pre-authorized to make a purchase and IT is assured that the introduction does not cause security risks or compatibility issues. IT should also put a process in place that allows them to quickly approve/disapprove new applications actively sought by Business Units.

3: Communicate effectively

Actively communicate your Business Continuity/Disaster Recovery/Data Security and other policies so that BUs, choosing to rely on outside providers for their services, can negotiate SLAs that meet or exceed the internal availability and performance expectations. Create templates so that the BU decision makers are asking the right questions such as: “In the event of a failure of the SaaS app or hosted technology, is the data backed up? Can the data and business workflow be recovered somewhere else?

4: Implement strategy across entire organization

Creating policies in a vacuum makes it nearly impossible for sys-admins to properly manage the performance and resource issues of day-to-day operations, let alone “Shadow IT.” By implementing a strategy across the entire organization, you empower employees to come out of the shadows, and to report issues subsequent of “Shadow IT,” such as a network slowdown, and alert IT.

5: Reduce complexity

Deploy tools that enable you to monitor services running outside your physical environment, encourage your Business Unit IT professionals to use these tools. By unifying your solutions, you not only simplify the management of your infrastructure, you achieve greater insight into how your resources are being used to ultimately reduce mean time to resolve (MTTR) problems.

With some proactive readjusting, IT can enable users while mitigating and minimizing the risks that are often associated with third-party apps and services in the Workplace. This ultimately will help to bring users out of the shadows of “Shadow IT.”

By Deepak Kanwar, Senior Manager, Zenoss

Louis
Real-time Enterprise Software Data Enterprise software startups are capitalizing on real-time data to continually improve revenue, costs, cash flow, marketing, and sales as their business grows. The majority of software startup CEOs spoken with have ...
Stacey Farrar
Document Migrations Require More Diligence Data creation has risen dramatically in recent years and shows no signs of slowing. According to analyst firm IDC, widespread remote work led to a spike of new data in ...
Jonathan Custance
IoT and cloud computing are on the increase High-profile cybersecurity breaches are increasingly in the news, a prime example being the NHS incident of May 2017 when services were brought to a standstill for several ...
Drew Firment
Here’s How to Make Sure Your Skills are Cloud Ready This year will be a period of meteoric growth for the cloud industry. Research from Gartner suggests that global spending on public cloud services in ...
JK Chelladurai
Maintain telecom tax compliance The Telecommunications industry is one of the most heavily taxed service industries. In countries such as the United States, providers have to keep on top of Federal, State, and District taxes, ...

SECURITY TRAINING

  • Isc2

    ISC2

    (ISC)² provides IT training, certifications, and exams that run online, on your premises, or in classrooms. Self-study resources are available. You can also train groups of 10 or more of your employees. If you want a job in cybersecurity, this is the route to take.

  • App Academy

    App Academy

    Immersive software engineering programs. No experience required. Pay $0 until you're hired. Join an online info session to learn more

  • Cybrary

    Cybrary

    CYBRARY Open source Cyber Security learning. Free for everyone, forever. The world's largest cyber security community. Cybrary provides free IT training and paid IT certificates. Courses for beginners, intermediates, and advanced users are available.

  • Plural Site

    Pluralsite

    Pluralsight provides online courses on popular programming languages and developer tools. Other courses cover fields such as IT security best practices, server infrastructure, and virtualization.