Have you noticed a shift in your organization towards integrating technology work within business teams rather than being solely managed by IT? How do you ensure that technology decisions made by business teams align with the overall IT strategy and security standards?
Sort By:
Oldest
CISO in Finance (non-banking)8 months ago
In the last couple of years, we have seen a shift from sole management by IT to business unit integration. I think a major reason for this trend is the business team's desire to expedite their needs. One of the things that a business should have in place to ensure alignment with the overall IT strategy and standards is a solid enterprise vendor management program that includes an IT and security review. CTO in Software8 months ago
With Shadow IT, where Business Leaders make IT decisions, and the advent of No Code / Low Code Applications Platforms, like AI/ML Engines, integration API solutions that are Drag-and-Drop enabled, and Community Development, it's important IT Strategists embrace these innovations, but steer these solutions with Cybersecurity and Privacy in mind. For example, with Generative AI taking off, which could be a Cybersecurity and Privacy nightmare, Generative AI solutions exist with SecureGPT, that are either containerized/cloud-based with ZTNA concepts enforced or on-prem, secure with OAuth2.0 encryption, with Role-based Access Controls and dashboards for various KPI's for the enterprise, all drag-and-drop enabled in a Low Code / No Code Applications Platform. Companies like IBM, Cisco with Splunk, Juniper with MIST and Accure.AI provide such solutions, which could be considered!Retired - Former Executive Advisor, CEO / CIO in Manufacturing8 months ago
It is pretty arrogant of Corporate IT to believe we are the only ones who can create solutions and manage them - there is a lot of Tech knowledge in our departments. It is true that Shadow IT comes from a failure of Corporate IT to meet every department's needs, owing mostly to limitations on budget and staff. But by embracing Shadow IT we expand IT capabilities overall and do so without impacting Corporate IT's budget and manpower!It is best to encourage and nurture Shadow IT, but with some ground rules:
1. Any department that wants to do their own IT thing is welcome to do so, but must meet with Corporate IT so we know what they want to do, and why. Sometimes we determine we should take on this role and if not, we offer suggestions.
2. The department's solution may not compromise security and must be auditable by our Audit teams.
3. The department, and Senior Management, must understand the department will be fully responsible for the solution - they cannot blame or run to corporate IT.
Item 3 sometimes puts an end to Shadow IT requests.
It's arrogant to think that the IT department know more than HR when selecting an HRIS, or Finance when selecting an ERP. The list goes on. Tech should absolutely be at the table when selecting the tool, and can offer support in managing it, but the business needs to be responsbile for the tools they choose and use.