Five Ways to Shine a Light on Shadow IT - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IT Leadership
09:00 AM
Vineet Misra, CIO, Lifesize
Vineet Misra, CIO, Lifesize

Five Ways to Shine a Light on Shadow IT

Rather than resist shadow IT, CIOs can work as partners with the departments that are running the applications, keeping company data safe and secure.

Today’s fast-paced work environment finds employees striving to improve efficiency, productivity and communication. In an attempt to excel at work, they often use applications, services, data storage and sharing beyond IT’s approval. This practice — known as shadow IT — is having an obvious impact on technical support teams by undercutting sound governance and reducing operational efficiencies.

According to Gartner, by 2020, one-third of security breaches will be because of shadow IT.

Image: Bykst/Pixabay
Image: Bykst/Pixabay

There are five ways, though, that IT can become a trusted ally across an organization and build a plan of action against the security vulnerabilities and unnecessary costs of Shadow IT.

  1. Seek out the biggest shadow IT opportunities. Information is knowledge and knowledge is power. Take inventory of who is using what programs across the company. With this information, IT can then assess potential issues and make appropriate changes. Monitor closely to see if any new and unknown tools or applications pop up in regular scans. Depending on results, an enterprise-wide vulnerability scan may be necessary. Network sniffers and security scanning tools can provide detailed information on new and unknown data streams. While monitoring does not remove the threats of shadow IT, it does provide the IT department with better insights and the ability to start risk assessments or research alternative solutions.
  2. Assess security and efficiency risks and provide suitable alternatives. Take advantage of creating an open dialogue with your colleagues — your internal customers — across the company. Listen to their feedback, learn more about the problems they’re trying to solve, and be willing to provide input on which tools may be a security concern, and offer an alternative. I once had a request to review a tool that was already approved and deployed by another department in the organization. In this case, it was a lot easier (and a lot cheaper) to adjust our plan to add a few more licenses than it would have been to initiate a whole new contract.
  3. Encourage employees to come forward with their requirements. Let’s look at supporting teleworkers as an example. If you don’t have an IT-approved way of enabling employees to work remotely, it is almost certain they will find a way to do so on their own. That’s when things get tricky. There is a tendency for IT organizations to not be very open to new requirements needed by employees to do their job. IT should offer a safe haven for those employees and departments to come forth with their requirements and even suggest possible solutions that they would like to see implemented. By working together, IT can then take a look at the programs, determine the risk and offer comparable solutions, where needed, to achieve beneficial outcomes for all.
  4. Vineet Misra, CIO, Lifesize
    Vineet Misra, CIO, Lifesize

  5. Become more involved in the application selection process. This truly comes down to trust and relationships. It is important for IT to build a rapport with every department head and meet regularly to discuss their technology strategy. Establishing an open dialogue between departments and the IT organization helps to remove the “us” versus “them” notion and makes technology transparency and potential risks of adopting unapproved technologies less of an issue. Having a seat at the table in the strategic planning stage will reduce most surprises around shadow IT down the road.
  6. Keep in mind that not all shadow IT is bad. It is very possible that not everything you discover when mitigating shadow IT is bad. The tools you discover are truly the voice of the customer, showing you what teams really need to be successful. It even may be that these applications can be beneficial to other departments. Be open to feedback from department heads and work together to have IT be part of the strategic planning for the department and company from the beginning.

The bottom line is that shadow IT doesn’t have to be prevalent if there is open communication between IT and its customers. Employees typically engage in shadow IT because they think it will save time and money by not involving IT in the approval process for the technology they want to use to be more efficient. In reality, going around IT just bypasses the critical management, integration, security, and compliance requirements, related safeguards they support. While it may take a bit of time, additional due diligence and even a bit of hand-holding make it possible to mitigate the risk of shadow IT and safeguard the security, profitability and efficiency of the entire company.

Vineet Misra is a tech enthusiast leading transformational corporate IT, cloud operations, security and business intelligence programs as CIO at Lifesize. For more than 20 years, his goal has been to enhance the role of IT to be more efficient, strategic and flexible within an organization.

The InformationWeek community brings together IT practitioners and industry experts with IT advice, education, and opinions. We strive to highlight technology executives and subject matter experts and use their knowledge and experiences to help our audience of IT ... View Full Bio
We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Catherine Hudson
Catherine Hudson,
User Rank: Apprentice
5/24/2017 | 10:53:31 AM
Shadow IT monitoring
Thank you for the article! The information you are talking about under number 1 can be also collected by means of SAM tools, such as Binadox. These tools can also help to detect shadow IT and who installed it, when, and how often it is used. 
2021 Outlook: Tackling Cloud Transformation Choices
Joao-Pierre S. Ruth, Senior Writer,  1/4/2021
Enterprise IT Leaders Face Two Paths to AI
Jessica Davis, Senior Editor, Enterprise Apps,  12/23/2020
10 IT Trends to Watch for in 2021
Cynthia Harvey, Freelance Journalist, InformationWeek,  12/22/2020
White Papers
Register for InformationWeek Newsletters
The State of Cloud Computing - Fall 2020
The State of Cloud Computing - Fall 2020
Download this report to compare how cloud usage and spending patterns have changed in 2020, and how respondents think they'll evolve over the next two years.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you.
Flash Poll