This week, CIOs came together for an hour to discuss shadow IT in a live twitter chat hosted by Search CIO. We take a look at some highlights and different perspectives on shadow IT from IT leaders.
To start, the host asked how to define shadow IT, and under what circumstances it can be considered healthy. Respondents fell into a common mindset, with most considering shadow IT a sign of innovation from employees.
University of Mississippi Medical Center CIO David Chou answered that shadow IT represents tools not provided by IT that make employees more efficient. This progressive point of view dispels the notion that shadow IT is a negative. Instead, unsanctioned cloud use is an indication that employees are taking the opportunity to become more efficient.
CIO advisor Tim Crawford echoed this sentiment, taking issue with the negative connotation that comes with the phrase. Employees are not trying to do anything wrong or harm their organization by adopting unsanctioned cloud services. On the contrary, they are trying to do their jobs better, thereby benefitting their organizations.
Brian Katz of Sanofi explains the root cause behind shadow IT: IT can’t provide tools quickly enough. One could argue that this is not necessarily a shortcoming of IT, but rather fact of life in the world of consumerized IT, where SaaS offerings are just a click away. In other words, there will likely always be a minimum degree of shadow IT since the CIO can’t anticipate every service that every employee might need.
Mark Thiele of Switch raised the point that not all shadow IT is positive. From a security standpoint, employees may unknowingly use services that pose security liabilities, such as claiming ownership of uploaded data. Employees simply do not have the resources or tools to understand and evaluate all the risk attributes of every cloud service they might use.
On the other hand, employees can use cloud services for the wrong reasons. In many cases, employees could use cloud services to exfiltrate corporate data. They also could use services such as torrents that may violate copyright law, putting organizations at legal risk. These cases are two examples of why the CIO needs visibility into shadow IT.
Finally the million-dollar question came up: how should organizations deal with shadow IT? Having worked with over 350 enterprises on transforming shadow IT into an opportunity to securely and efficiently leverage the cloud, our CEO, Rajiv Gupta, has unique insight into cloud adoption best practices. Just as Thiele’s comment implies, flexibility is tantamount when it comes to addressing shadow IT. CIOs should be prepared with different tools and responses for a variety of use cases. Of course, it all begins with taking the initiative to find out how employees are using the cloud.
CASB Magic Quadrant 2019 is here – McAfee a Leader for third consecutive year
CASB RFP Template: 200+ Common Questions Enterprises Are Asking
9 Cloud Computing Security Risks Every Company Faces
Office 365 Security Concerns: Download Definitive Guide to Office 365 eBook
51 AWS Security Best Practices