The article discusses the concept of shadow IT and provides suggestions on how IT departments can effectively deal with it. Shadow IT refers to the practice of employees or departments within an organization using unauthorized or unapproved technology solutions to fulfill their needs. The first suggestion is for IT teams to partner with other departments instead of blocking them. Instead of being a hindrance, IT should understand the problem to be solved and work with the shadow IT team to ensure that security concerns and operational requirements are met. By doing so, IT can foster innovation and efficiency within the organization.
The second suggestion is to set priorities and deal with real security risks. Not all shadow IT projects pose a threat to data security or compliance. IT should identify the critical IT policies that must not be breached and provide education and training to ensure general security requirements are met. If there is no significant risk involved, IT should not impede agile and innovative projects.
Furthermore, the article suggests that IT departments should view shadow IT as a force multiplier. Instead of perceiving it as a threat, IT can leverage the knowledge and expertise gained from successful shadow IT projects. As these projects grow in scope or user base, they can be handed over to production IT. This transfer can be seen as a gift of time and effort, even if the approach differs from how IT would have done it initially.
Lastly, IT should monitor and manage shadow IT from a distance. Identifying shadow IT can be challenging, especially with cloud-based solutions. Network monitoring and cost controls can help locate these occurrences. Once identified, IT should maintain communication with the shadow IT team and gather updates, documentation, and lines of responsibility. Shadow IT should not be a permanent solution. If it appears to be an ongoing project, negotiations should take place to integrate it into production IT processes for vulnerability management, resource planning, upgrades, and business continuity.