Are practices for managing shadow IT applicable to GenAI tools? If not, how are you changing your approach in order to manage shadow AI at your organization?

Generative AISecurity & GRCSecurity Strategy & Roadmap
2.6k views5 Comments
Sort By:
Oldest
CISO/CPO & Adjunct Law Professor in Finance (non-banking)9 months ago
Yes, it should be treated the same. As usual, an understanding of the risk should be socialized enterprise wide. Employees hear about positives in the media before hearing about negatives, if the media mentions negatives at all. xAAS, BYOD and now AI all present risks from shadow IT.

An additional factor is the fact that Covid blurred the line between Shadow IT and regular IT for some, because steps were taken to ensure employees remained productive. Even now, some employees seek to continue their near autonomy with technology. 

 A clear policy on AI use would be helpful in ensuring all users know about the issue and are held accountable, in much the same way as preventing sending corporate email to personal accounts or blocking uploading corporate files to unauthorized locations.  Making the issue known takes it out of the shadows.
Director of IT in Transportation9 months ago
We are treating employee use of AI/GenAI by adding a new section to our Acceptable Use policy, with simple but clear guidance about what is allowed and what is prohibited and what requires senior exec approval.

1
IT Director in Travel and Hospitality9 months ago
Whilst they are similar, I think the big difference is that knowledge of how to use new GenAI tools is much easier to come by, so the risk of there being a key person dependency (usually very high with shadow IT) isn’t as prevalent. 
We have put in place guidelines for use to support adoption of AI, and some guardrails there to prevent exfiltration of data, but are actively encouraging adoption rather than discouraging it as we would shadow IT
lock icon

Please join or sign in to view more content.

By joining the Peer Community, you'll get:

  • Peer Discussions and Polls
  • One-Minute Insights
  • Connect with like-minded individuals
VP of IT9 months ago
We've developed a policy for utilizing Freeware and public General AI tools. We recommend that business units submit a detailed use case to guide them towards our private, secure, and pre-approved instances for enhanced security and efficiency.
Board Member, Advisor, Executive Coach in Software9 months ago
Shadow IT usually happens because IT isnt keeping up with the needs of the business or user.  So if you create a forward leaning approach to any new capabilities with early adopters and engagement with users/the business you will have less shadow IT in my view
1

Content you might like

What’s on your IAM roadmap for the next 18-24 months?

Identity & Access Management (IAM)Threat & Vulnerability ManagementSecurity Strategy & Roadmap
Director of IT in IT Services4 days ago
Implementation of Zero trust architecture, its modules across the organisation is a priority for us. So, we will be implementing zero trust strategies in IAM, inline with overall strategy.
1.4k views1 Comment

What is your primary deciding factor in adopting enterprise search?

Strategy & ArchitectureCloudEnd-User Services & Collaboration+26 more

TCO19%

Pricing26%

Integrations21%

Alignment with Cloud Provider7%

Security10%

Alignment with Existing IT Skills4%

Product / Feature Set7%

Vendor Relationship / Reputation

Other (comment)

View Results
5.7k views3 Upvotes1 Comment

Which tech conference do you intend to attend in person next year or have already participated in this year, and what motivated your choice?

Applications & PlatformsCloudData & Analytics+15 more
Head of Enterprise Architecture MERCK Group in Healthcare and Biotecha year ago
Strategy & Architecture
Read More Comments
39k views5 Upvotes34 Comments

How can CISOs influence (or perhaps even contribute to) the business’s AI adoption strategy?

Security Strategy & RoadmapSecurityDisruptive & Emerging Technologies+3 more
CISO in Manufacturinga month ago
CISOs have a unique opportunity to proactively shape their organization's AI adoption strategy, Because AI adoption is either in the process of emerging or companies that have already gone down a path are readjusting their ...read more
1
Read More Comments
701 views6 Comments

What's a greater concern for returning to the office? Comment how you are prioritizing...

People & LeadershipStrategy & ArchitectureCloud+29 more

Human Factors (fears, mental health, physical spacing)85%

Technical / IT Factors (on-premise tools, pivoting back away from remote)14%

3.7k views3 Upvotes2 Comments