TEST to main content First level navigation Menu
shadow_it

Help shadow IT in your business come in from the cold

by ​David Levine
 
It can be incredibly challenging to maintain adequate, defensible information governance while also encouraging information sharing to boost productivity. Nowhere is this more evident than in the growing realm of “shadow IT.”

Shadow IT includes all the applications introduced into the enterprise but not approved by your IT and/or security staff. The blossoming — or explosion, depending upon your point of view — of shadow IT is fueled by the need for businesses to “get things done” and is enabled by key trends in information technology, including BYOD; inexpensive, downloadable SaaS applications; free, cloud-based storage from the likes of Google, Microsoft, Apple and others.

An information governance policy can provide a framework to address unapproved SaaS application usage and help bring shadow IT “in from the cold.” IT can use the policy to help LoB users make better service selections. Ideally, IT can make available reference architectures that provide a certain level of information security and availability. Cloud application brokerage and cloud security, while not perfect, is a big step forward from widespread use of unapproved applications.
 

​Shadow IT is not going away. The fundamental trends of more devices, thousands of easily downloadable applications and free cloud storage are simply too compelling. 

 
Let’s be clear that IT is not exempt either. The policies and frameworks guiding device and app usage should ensure that IT workers are also required to comply.

Another compelling reason to have good processes around SaaS adoption is to ensure legal and licensing requirements are properly vetted. Case in point, some applications are free for individual use but not for corporate use. This can expose the company to audits and financial penalties which in some cases can be substantial.

Of course, an accurate and up-to-date assessment of actual application usage, particularly information stores and processes, is crucial. When trying to uncover information processes flowing through shadow IT, there may be additional benefits to leveraging the outside perspective — and cross-departmental experience — of a specialist in business information processes.

An outside party may be able to bring a new perspective to the way you’ve been approaching a problem. They can bring to the table broad experience gained from multiple engagements across industries and geographies. A managed service provider may also be better able to speak the language and solicit the cooperation of LoB managers and employees.

Shadow IT is not going away. The fundamental trends of more devices, thousands of easily downloadable applications and free cloud storage are simply too compelling. There are genuine economic and productivity benefits to bringing SaaS apps into the enterprise.

Get IT out of the dark

How to address information processes occurring in the shadows.
 
David Levine
David Levine, Vice President of Information Security & CISO for Ricoh USA, Inc., helps customers limit risk and enhance their information security. Levine’s areas of expertise include operational security, access management, eDiscovery and litigation support, and HIPAA compliance. An avid auto racer, Levine holds a Bachelor of Arts degree in Information Systems with minors in Computer Science and Business from Eckerd College.