For some people in a business, Shadow IT represents a credible solution to be used to address challenges, whereas for others it remains an IT strategy shrouded in secrecy and uncertainty.
According to Henning Lange, Chief Technology Officer at Johannesburg-based ICT and cloud solutions leader Elingo, the reality is that Shadow IT increases the technical footprint and has the potential to create challenges.
“Without controls on which services are used, who uses them and what limits are placed on customer data, Shadow IT can be a security disaster waiting to happen,” said Lange.
“When IT has no control of an application, they have no control over the security of or access to that application either.
“Another critical consideration for any business in any industry today is that of cost and cost management. Without the ability to control or even see provisioning and usage of systems, organisations are seeing IT costs explode,” Lange adds.
Individuals and teams may not follow best practices in provisioning instances of the right size, leasing them for the right amount of time, consuming the appropriate services, or decommissioning unused resources in order to control costs efficiently.
IT departments tend to challenge solutions that use new tech because they are difficult to support, according to Elingo.
As a result, many of the software solutions developed by organisations lack the innovation and flexibility of new technology stacks.
“Think of shadow IT not as a problem, but as an opportunity,” added Lange.
“Shadow IT unlocks new opportunities for long-term strategy because it catalyses the entrepreneurial talent and spirit hidden deep in the company.”
So, what is the best approach for businesses to take, if they are to avoid any risks with Shadow IT and leverage opportunities?
Elingo believes the trick is to build up an understanding of assets, of tools and of user-behaviour, all of which can impact security and overall operations.
The company advises that the first step is to ensure visibility – identify what kinds of tools or mobile apps employees use that can serve a specific purpose.
“Educate users on the risks that their actions can have,” explained Lange.
“Make sure employees fully understand the risks of using non-authorised apps and services, and that they know the consequences that non-compliance can have and which services are not authorised and why.”
Lange adds that it is important to determine what challenges employees face when using authorised solutions and why they prefer to use apps and services outside of what is provided by the organisation.
“It is about understanding the challenges of the business and offer solutions that will solve them,” he said.
“Cloud governance boards can establish policies that enable IT to set up a catalogue of pre-approved cloud services, which development teams can simply select from for faster provisioning. Policies are based on the user’s role, the environment, the team, and the purpose of the application.”
Click below to share this article