Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

Is shadow IT really that bad?

SAN FRANCISCO — In a lot of circles, shadow IT is considered a dirty term — something IT should prevent at all costs. In reality, however, shadow IT can be a great resource for IT departments, helping them identify problem areas and understand what users really need to get their jobs done.

The idea is that users are partners that IT should work with, not talk down to. Open lines of communication are critical to creating that partnership. In fact, if IT works with users, shadow IT can lead organizations to useful enterprise tools for file-sharing or other technologies.

Instead of just saying ‘no’ to what users want, the IT department at San Jose Unified School District seeks them out to learn more.

“Tell us what you’re doing or not able to do, and that changes the conversation, where we never would’ve known about that wonderful free application,” said Emalie McGinnis, director of technology and data services for the school system, here in a session at BoxWorks.

NASA had around 9,000 people using unsanctioned enterprise file sync-and-share (EFSS) tools. When the space agency became aware, it adopted Box to help solve the problem, said Chris Blakeley, a NASA application software developer.

“Users just want to get their jobs done, and if we don’t have the solutions for them regularly available, they’re going to do it on their own,” Blakeley said.

In other situations, rather than moving users to a new tool, IT should assess the risk of some of the unsanctioned software users work with, Blakeley said. If the risk is small, it may be better to let users work with software IT is aware of, rather than blocking it and having them find another option IT doesn’t know about that might be worse, he said.

Users aren’t out of the woods

Accountability is still critical. Just because shadow IT is not the harbinger of disaster some people think it is, users still need to take responsibility for the corporate data they interact with.

“You can’t bypass the security rules just because you want to do your job,” Blakeley said.

One way to ensure that users understand the requirements around cloud storage and file-sharing, for instance, is to create a cloud governance policy that clearly explains what software IT approves and what it denies.

“Users will want to do the right thing; it’s just that they don’t have the reference architecture [to always do it],” said Srini Gurrapu, vice president of customer solutions at Skyhigh Networks.

Join the conversation

1 comment

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

This entire conversation sounds really inappropriate.  As an individual that has worked in the bank regulatory and supervision business or his entire career (US Treasury - OCC), the notion that engaging in "shadow" anything within your organization just doesn't sound advisable on any grounds.  In fact, it introduces the broader danger of undermining a companies governance and culture, to say nothing of the potential for leakage of sensitive customer non-public information (NPI).  This really sounds like a bad idea without argument.  Overlay this on the risks introduced by the proliferation of BYOD as a sanctioned information sharing model and your IT Security Staff will never get ahead of the curve.  No, gotta say ...... this Shadow IT (sanctioned or not) does not sound good at all. But what do I know?
Cancel

-ADS BY GOOGLE

SearchNetworking

SearchTelecom

SearchUnifiedCommunications

SearchSecurity

Close