Comments
In Praise Of Shadow IT
Newest First  |  Oldest First  |  Threaded View
Page 1 / 2   >   >>
GAProgrammer
100%
0%
GAProgrammer,
User Rank: Ninja
6/20/2014 | 10:23:25 AM
Re: What's the debate here?
I have to disagree here. While I agree that IT should not always say "No" immediately, to say that "IT MUST give users corporate-approved, cloud-based file storage alternatives that are easy to use -- and defensible on the security, regulatory, and compliance fronts. That's not optional anymore" is very short sighted. Sure, cloud based storage and could based tools are used in tech journalism. It is even used in some (and by some, I mean a minority of businesses) instances. But it is far from mandatory and far from being used in a majority of companies these days.

I realize that tech journalists read about this stuff all the time. But let's be real - in a year you might read about 500 companies on the leading edge of tech. That is such a small peice of the pie that it's a bad idea to extrapolate a few early adopters and cool, innovative implementations as the de facto standard for how a business really runs in 2014. Those are the exceptions, not the rule. Isay this as someone who fights this fight on a weekly basis.

Not to mention that finding "corporate-approved, cloud-based file storage alternatives that are easy to use -- and defensible on the security, regulatory, and compliance fronts" takes a lot of time, testing and money and can't just be approved in a week's time. Especially in countries and/or highly regulated industries.
GAProgrammer
50%
50%
GAProgrammer,
User Rank: Ninja
6/20/2014 | 10:12:45 AM
Re: Speed of moving and IT budget
And that's part of the point. At $100 a user for a 1,000 user company, you are talking $100k/year just for that feature.
Thomas Claburn
50%
50%
Thomas Claburn,
User Rank: Author
6/10/2014 | 4:17:39 PM
Re: What's the debate here?
IT should also strive not to be the organization the defaults to "no." The pace of work today doesn't fit with foot-dragging or unncessary barriers.
peteraltschuler
100%
0%
peteraltschuler,
User Rank: Apprentice
6/10/2014 | 11:15:52 AM
Re: Speed of moving and IT budget
This is where newer technologies provide a distinct advantage -- in cost. There are several firms, such as Webalo, Catavolt, and Capriza, that make it possible to access enterprise resources (securely) for a fraction of traditional costs. For something as basic as reports, a mobile version can be created automatically in seconds (and modifications can be made manually), but the cost is incremental. That's because the subscription fee structure is under $100 per user for an entire year... no matter how many enterprise-to-mobile configurations are created.

In a situation like that -- with access to the files and data that people rely on to do their jobs -- IT provides secure access (either through the technologies' encryption or through the organizations' mobility management tools) and employees can function without the need for third-party, cloud-based alternatives.
Laurianne
50%
50%
Laurianne,
User Rank: Author
6/10/2014 | 11:10:10 AM
Re: What's the debate here?
IT must give users corporate-approved, cloud-based file storage alternatives that are easy to use -- and defensible on the security, regulatory, and compliance fronts. That's not optional anymore.
bleylock
100%
0%
bleylock,
User Rank: Apprentice
6/10/2014 | 9:25:08 AM
What's the debate here?
I'm sure everyone agrees companies need to have rules, processes and technology in place to protect their critical data. I'm also fairly sure folks would agree that it is not possible for IT shops, especially in large organizations, to keep up with the plethora of cloud offerings that come out daily. However, I fail to see how that is a reasonable excuse to simply allow anyone to put the company data at risk with any tool they happen to read about on the plane.

Corporations have a vested, often regulatory-based, interest in controlling their data and folks that willy-nilly elect to bypass these controls are not acting in the best interest of their employers, no matter what they might think. IF they are chafing under some rules or restrictions they find constraining to productivity, the proper course of action is to escalate the perceived problem up the management chain until a decision is reached.

The real culprit here, if there is one, are bad InfoSec teams. The security team that reflexively says "No!" to all such requests is a bad one. Instead, InfoSec should be partners with those seeking change and work to do things securely and within the regulartory controls they legitimately need to enforce. Using a cloud service is a means to an end, not an objective to itself. If Shadow IT and InfoSec can come to an agreement on how to meet their ultimate objectives securely, everyone wins whether the Cloud is used or not.
Curt Franklin
50%
50%
Curt Franklin,
User Rank: Strategist
6/10/2014 | 9:17:45 AM
Re: Nail, meet head
@SaneIT, I think one of the critical points is being able to come up with policies that use hard "set points" of behavior and allow tremendous flexibility around those points. The policies should spell out quite precisely who's responsible for data (and access to applications) at each step of the way. Looked at another way, the policies should focus on "outcomes" or goals, rather than methods and technologies.

It's going to be rough sledding for a while because this goes against the way in which IT has thought of its own governance for most of its history. The result, though, can be a more robust, more responsive IT structure that still maintains the standards for corporate behavior.
SaneIT
IW Pick
100%
0%
SaneIT,
User Rank: Ninja
6/10/2014 | 7:32:24 AM
Re: Nail, meet head
" resourcing it to be able to keep up"

Here's the catch, if you enable your employees to do a little Shadow IT and bring their own solutions, when something goes horribly wrong who is on the hook for data loss?  Who is called in to explain why employees are going around corporate resources and storing their files on a server seized by the CIA?  Who has to pay when a crypto locker virus hits your corporate network because an employee is using their own un-protected laptop in the office?  IT is there for a reason, if a company and its employees feel like the company is not advancing quickly enough technologically then they need to stop treating their IT staff like the enemy and equip them to get out ahead of the technology curve.  Too often IT is treated the same way a company treats the lawn service that keeps up the property around your office building. As long as everything looks OK then they ignore them but when a patch of grass dies or some weeds pop up all of a sudden people get excited about how the job is being done, or not done.
asksqn
50%
50%
asksqn,
User Rank: Ninja
6/10/2014 | 3:50:56 AM
Job security for law firms
It will be fascinating how this buy your own software/bring your own device/do your own thing plays out with regard to manner of work performed and devices provided since the definitions of these services indicates whether employees are considered W-2 or 1099 independent contractors.  I predict an uptick in work for labor-employment legal professionals. 
zerox203
50%
50%
zerox203,
User Rank: Ninja
6/9/2014 | 8:23:30 PM
Re: In Praise Of Shadow IT
I certainly agree with you, Eric. If nothing else, the ultimate lesson here is that you can't stop employees from doing what they want to do - the expression 'rules are made to be broken' was not created by people who loved compliance and corporate security. When it comes to technology compliance, the proof is on the table that your employees are only going to follow your rules up to a point. However, you're also right to suggest that there's an opportunity here to leverage this to your benefit. You can save yourself time, money, and headaches if you sit down and evaluate whether you really want to be that iron-fisted after all.


On the other hand, we ought to bear in mind that these policies do exist in the first place for a reason. We wouldn't say 'well if employees just want to sneak in through the window instead of using their keycards, whose fault is that?'. Maybe if everyone was doing it, there's some consideration that your check-in policy is a little too cumbersome, but 9/10 times, you're just going to fire those employees. Maybe in the year 2014, IT security does need a closer look, though - are people really trying to steal your marketing plans for next quarter? probably not. Compliance and Security rules certainly ought to be enforced, but it's worth taking a look back and making sure you're actually asking your employees to comply with something you still care about.
Page 1 / 2   >   >>


The Business of Going Digital
The Business of Going Digital
Digital business isn't about changing code; it's about changing what legacy sales, distribution, customer service, and product groups do in the new digital age. It's about bringing big data analytics, mobile, social, marketing automation, cloud computing, and the app economy together to launch new products and services. We're seeing new titles in this digital revolution, new responsibilities, new business models, and major shifts in technology spending.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest - September 17, 2014
It doesn't matter whether your e-commerce D-Day is Black Friday, tax day, or some random Thursday when a post goes viral. Your websites need to be ready.
Flash Poll
Video
Slideshows
Twitter Feed
InformationWeek Radio
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.