Social Network For Security Executives: Help Make Right Cyber Security Decisions
Shadow IT threats involves pushing back on any initiatives that try to bypass IT and fighting the line of business managers for ownership of these projects. Shadow IT opportunity involves transforming shadow IT into official line-of-business shortcuts and becoming the corporate champion of innovative initiatives. Below are a few ways one could looks at Shadow IT as an opportunity.
There was a time when Business Apps were highly customized that they could not be upgraded or modified without the IT’s assistance and company owned systems (PCs & Laptops) were the only devices available to employees. But these days, IT monopolizing the use of technology within the organization is truly over. All evidence indicates that the Shadow IT trend is only gaining momentum. Even CIO magazine article declared that “conventional IT is rapidly becoming shadow IT”
Now, Information Security Officers ( like CISOs, CIOs) have only two choices: either to see – Shadow IT threat or Shadow IT opportunity.
In a study, analyst firm Frost and Sullivan found out that shadow IT is not actually the result of “rogue employees looking to rebel”, but rather the IT department’s inability or unwillingness to provide users with the technology they need. In this study, it was found that 49% are more familiar and comfortable with their unapproved application, and are therefore able to do their job more efficiently. Another 38% of employees blamed “slow or cumbersome IT approval processes” for the need to procure the service elsewhere. However, shadow IT poses a threat only if it is not managed correctly, or worse, ignored.
Best ways for CISOs to address the issue of shadow IT is to offer the sort of agility and functionality that employees need so they aren’t inclined to look beyond the organization. This means spending less energy on enforcing corporate policy, and more on empowering users. They must recognize that shadow IT can have positive impacts for them professionally and the organization. .
The CISO’s first step to shadow IT management is to start communicating with other business departments. IT needs to take the time to understand the root causes of shadow IT and assess whether the IT service portfolio is really meeting users’ needs. This way, the IT department can be seen to be taking positive steps towards being an enabler – rather than an obstacle – to innovation.
In terms of governance, the key is to have a complete picture of the IT organization. CISOs should have total visibility across all on and off premise environments, both physical and virtual, mobile and desktop systems, applications and services consumed by corporate users, including employees, customers and contractors. An uninterrupted view of the network is also required to identify any threats. These insights enable IT to mitigate the security challenges imposed by shadow IT.
Business functions (Be it finance, marketing or HR) are more tech-intensive and department heads want the most up-to-date technology to drive their operations. As a result, the way organizations buy technology is changing, and the technology budget is no longer solely in the hands of IT.
Shadow IT Is not A Threat To Organization:
Shadow IT is not a threat necessarily – it can be an effective way to meet changing business needs and forge tighter alignment between IT and the business. CISOs must be vigilant about identifying, assessing and managing these unofficial systems to ensure risks are minimal. CISOs need to trust the business units to choose the software and apps they need, and then assist them in making the most of these technology investments.