Shadow IT is becoming a big problem for many organizations. What are some of things your organization do to identify and manage shadow IT?
Sort By:
Oldest
Director of IT in Education5 years ago
In a college environment it is very hard dealing with Shadow IT due to the fact most faculty expect "academic freedom" and can do what ever they need to in order to teach. To handle most of our Shadow IT issues we mainly try to educate our employees of the risks to the University due to the lack of security measures with Shadow IT.VP of Product Management5 years ago
There are 2 ways in which we have been able to address Shadow IT issues. One is regulatory (SOX compliance) and other one which is more common is the inability for LoB to sustain and maintain the application on their own. I have experienced in some cases where the LoB team have their own technology dev, analysis, QA and change management team to drive implementations, but fall short of meeting SOX compliance parameters. The best way to identify is to ask the LoB heads to self disclose these applications in their area, failing which they will have to take care of any SOX audit issues by themselves(which most of the LoBs do not want to). Once these applications are disclosed, IT teams can create a risk profile around these apps, and share the same with LoB heads. The risk profile should indicate how quickly these applications have to be remediated to meet compliance factors. The rest is the standard SDLC process to help these applications meet the necessary standards and helping set up collaboration between LoB and Tech to manage these apps. Obviously you cannot solve all the shadow IT issues in a year or two, infact you will
Have to live with, it is a choice of which apps to be managed by IT and which ones to be left with business
Director Certifications in Education5 years ago
Did you ever consider looking at a CASB tool? I would recommend looking at McAfee MVISION Cloud? This tool is amazing, it provides critical capabilities such as identifying all cloud applications/services being access through your network, it has a lot of additional capabilities for securing your network and systems.
VP of Product Management5 years ago
Yes, some of these tools can help identify the cloud application access. These tools can help you identify accessing of some SaaS applications, Office 365 and any other portal that LoB may be accessing for business or non business purposes. Filtering them and identifying the right apps is hard. But unless the onus of identification and remediation is with business, the tools will not help.Director Certifications in Education5 years ago
I agree.
Assistant VP, Interim CIO in Education5 years ago
What we're trying to do is make them as partners-- shadow IT as partners and assist us so that we share the same policies. If you want to do certain things, do it this way. Although we don't have that big of a shadow IT presence on campus.Founder/CTO in Hardware5 years ago
The need to help educate them on issues with running there own servers, printers etc. The reasons they don't want to is they believe IT is slow and cumbersome. However, what they miss is things like security issues, regulatory and compliance issues. The others are what happens when you have problem or the equipment fails? I will assume you have control over the network which means you have to have the tools to detect any malicious activity and you should be able to turn off any ports for physically connected devices and should be able to pull authorization or wireless. Director of IT in Education2 years ago
It is balancing act and continuous challenge with evolving technologies.