Last month we examined the rise of the shadow IT department, users in your company who have embraced consumer technology and are using applications and devices not provided, or necessarily approved of, by the CIO to do their work. The natural reaction of the IT department may be to clamp down and try to destroy it but the likelihood is this will prove futile and may even be counterproductive.
Techniques for dealing with shadow IT will differ for each company depending upon its business, the degree of regulation to which it is subject and its risk tolerance but some principles are universally applicable.
Find out how people work
Whether you know it or not, your company’s employees are using technology of their choosing or using technology of your choosing in ways you never intended.
Registration is free, and gives you full access to our extensive white paper library, case studies & analysis, downloads & speciality areas, and more.
Brian Flynn, senior vice-president of IT at BCD Travel, found this out when he deployed software that monitored the content moving across his network.
Not only were employees using consumer IT tools, like instant messaging but they were using IT-provided applications to do things that were clearly security risks – such as sending sensitive information back and forth. “I am convinced that most companies are flying blind,” says Flynn. “This is going on everywhere and IT just doesn’t know.”
Fight your instinct to discourage these behaviours by legislating against them. Yes, there may be security and compliance risks but declaring open war on the shadow IT department will only turn it into an insurgency, driving it underground where it will be harder to monitor and negotiate with. Instead, consider this an opportunity to find out where the IT you have provided is out of sync with your users’ needs.
Say yes to evolution
CIOs need to make users feel comfortable about bringing their underground behaviour into the light. The first step is a change in attitude. “We tend to think of people who think ‘out of the box’ as troublemakers,” says Flynn. “But we need to realise that maybe they know what they are talking about and we should try to meet them halfway if we can.” Always try to help users figure out a safe and secure way to do whatever it is they are trying to do. “People get used to IT telling them no – and after a while they stop telling you what they are doing,” says Andre Gold, director of information security at Continental Airlines. “So we try to say yes, dot dot dot.”
Be the first to comment on this article!