I was recently asked to comment on what businesses can do to reduce the security risks of Shadow IT. To read the full article click here and if you just want to read my comments – see below.
Plain talk – shadow IT exists when corporate IT is failing in a fundamental way.
We’ve seen currency traders set up their own development shops because corporate development was perceived to be too slow or bureaucratic.
We’ve seen Wall Street traders set up their own wireless access points so they could keep an eye on things when they were at the pub across the street for lunch.
No department or line of business wants to set up its own IT infrastructure and bear that budget burden – they only do so because they feel that they have no choice to be successful in the tasks they are measured and a compensated on.
It is like finding mouse droppings. If you see shadow IT, it is a clear indication that there is an unmet business need. Organizations need to investigate those unmet requirements and provide the appropriate IT services in a timely, secure, and policy compliant manner.