Re: In Praise Of Shadow IT
I certainly agree with you, Eric. If nothing else, the ultimate lesson here is that you can't stop employees from doing what they want to do - the expression 'rules are made to be broken' was not created by people who loved compliance and corporate security. When it comes to technology compliance, the proof is on the table that your employees are only going to follow your rules up to a point. However, you're also right to suggest that there's an opportunity here to leverage this to your benefit. You can save yourself time, money, and headaches if you sit down and evaluate whether you really want to be that iron-fisted after all.
On the other hand, we ought to bear in mind that these policies do exist in the first place for a reason. We wouldn't say 'well if employees just want to sneak in through the window instead of using their keycards, whose fault is that?'. Maybe if everyone was doing it, there's some consideration that your check-in policy is a little too cumbersome, but 9/10 times, you're just going to fire those employees. Maybe in the year 2014, IT security does need a closer look, though - are people really trying to steal your marketing plans for next quarter? probably not. Compliance and Security rules certainly ought to be enforced, but it's worth taking a look back and making sure you're actually asking your employees to comply with something you still care about.