Shadow IT – a cause for concern or an enabler for the business


Shadow IT is not a new concept. It emerged as a result of employee frustration with IT departments’ often rigid rules and inflexible standards. These issues impacted IT’s speed to deliver services and meet employee requirements. Unfortunately, while Shadow IT may enable agility and speed to market, it also brings with it a few risks. Security becomes a concern if IT departments are unable to monitor various user applications and multiple devices, and they are also faced with having to support the devices, programs and applications that users or employees source themselves.

Employees will find their own way with IT

The average employee is far more tech savvy than ever before and, beyond having a host of business applications at their very fingertips, they are equipped with knowledge of what technology is available and how to use it. The advent of Bring Your Own Device (BYOD) and cloud services has also encouraged users to rely on their own technology. They often find it easier to use their own familiar technology, apps and programs than to adhere to IT standards that may or may not be compatible with their device, or be as user friendly as what they know. Even if the program or app used is compatible, many other questions are left unanswered. For example, how can Shadow IT affect the business? Will this effect be positive or negative? And who has control?

What Shadow IT means for Business

Shadow IT can enable businesses to grow, and achieve their strategies and objectives quicker. It also enables them to shift with market demands, unencumbered by IT standardisations and regulations. From an IT perspective, it can put pressure on IT to deliver services more efficiently and in line with business needs, encouraging agility and speeding up continual service improvement cycles.

However, Shadow IT is still a cause for concern if left unmonitored. Most businesses experience problems because their IT management is not agile enough and does not have the correct policies and governance procedures to manage the security risks caused by Shadow IT.

What Shadow IT means for IT security

IT needs to be able to support the applications and devices within the business, and security falls at the heart of this control. Information Security Management, which forms part of the risk process, is aligned with a business’s governance policies and procedures. These boundaries are kept flexible enough to allow for Shadow IT while being outlined and enforced properly by the business. As a result, Information Security Management can ensure the proper support and security measures are in place to enable effective Shadow IT.

Shadow IT can find harmony with the business

Business managers need to be agile and quick to answer market needs, and they rarely have time to wait for IT departments to provide solutions and services. As a result, they source their own solutions. In a well organised IT environment underscored by enforced governance, processes and policies, business can work hand in hand with IT to provision their own solutions, achieving their business outcomes quickly and effectively while minimising the risk to security and avoiding a tangled mess of infrastructure.

The business is dependent on underlying IT services and infrastructure in order to remain competitive and deliver its services. IT needs to ensure it has a service strategy in place that enables alignment with business needs and service improvement programs, to allow for quick adaptability. Shadow IT can be a cause for concern; however, if managed appropriately, within the framework of the organisation’s governance and policies, it can enable and increase the business’s value.

by Edward Carbutt, Executive Director at Marval Africa