Part 5: What should CIOs do about it?
While researching and writing this short series of blog posts I discovered how cloud technologies have enabled the widespread adoption of Shadow IT. In this post I am going to consider the approaches available to CIOs to deal with this menacing spectre.
There are certainly two obvious broad approaches available:
- Clamp down on all Shadow IT by enhancing perimeter devices and locking down internet access to make it very difficult to access SaaS applications. Combine this with the rigorous pursuit, and punishment, of transgressors.
- Fully embrace Shadow IT. Allow users to use whichever SaaS applications they wish in whatever manner they see fit.
The problem with the first approach is that we lose the access to the potential benefits of SaaS applications and we need to devote extra expense and resources to police the users. The problem with the second approach is that we are prey to all of the vulnerabilities associated with Shadow IT.
So is there a third option?
Of course there is! The third option would be to address the reasons cited by users for using SaaS applications in the first place. This would involve changing IT departments to be more responsive to user needs, becoming more flexible, more agile, and putting fewer barriers between users and the adoption of new applications. This should be combined with a proper approach to managing SaaS applications; IT need to be involved in setting them up to ensure that regulatory compliance is met in areas such as user authentication, authorisation, storage of data, and data security.
This would need to be tempered with a clear policy on Shadow IT and SaaS applications. It must be made clear to the whole organisation that IT will gladly work with users to help them gain access to whatever applications they want but also that any usage of SaaS applications without the prior and explicit approval of IT will not be tolerated.
An approach of this type would ensure that the IT department is marching hand-in-glove with the users to ensure future success of business operations. After all, isn’t it better to be working with the users rather than working against them?
The Impact of Cloud Computing on Shadow IT
Part 1: What is Cloud Computing
Part 3: The scale and usage of Shadow IT
Cloud Computing 
Pingback: The impact of Cloud Computing on Shadow IT (Part 1) – Cloud Computing
Pingback: The impact of Cloud Computing on Shadow IT (Part 2) – Cloud Computing
Pingback: The impact of Cloud Computing on Shadow IT (Part 3) – Cloud Computing
Pingback: The impact of Cloud Computing on Shadow IT (Part 4) – Cloud Computing
I agree that the third option is best. However, from a governance standpoint, I think a powerful detective technology is necessary. It would be important to monitor unauthorised cloud usage to know if the IT function was being responsive enough to prevent the buisiness from a wanting to create Shadow IT. Better communication between the business and IT is necessary to make this work.
LikeLike
Absolutely, IT needs to keep monitoring to make sure that users aren’t using cloud applications without authorisation from IT but IT has to ensure that users no longer want to use unaithorised cloud applications.
LikeLike