I was recently asked to comment on what businesses can do to reduce the security risks of Shadow IT. To read the full article click here and if you just want to read my comments – see below.
Plain talk shadow IT exists when corporate IT is failing in a fundamental way.
Weve seen currency traders set up their own development shops because corporate development was perceived to be too slow or bureaucratic.
Weve seen Wall Street traders set up their own wireless access points so they could keep an eye on things when they were at the pub across the street for lunch.
No department or line of business wants to set up its own IT infrastructure and bear that budget burden they only do so because they feel that they have no choice to be successful in the tasks they are measured and a compensated on.
It is like finding mouse droppings. If you see shadow IT, it is a clear indication that there is an unmet business need. Organizations need to investigate those unmet requirements and provide the appropriate IT services in a timely, secure, and policy compliant manner.
Jonathan is President & CEO of SystemExperts Corporation, a network security consulting firm specializing in IT security and compliance. Jonathan started the company in 1994. He plays an active, hands-on role advising clients in compliance, technology strategies, managing complex programs, and building effective security organizations. Jonathan brings a business focus to this multifaceted work balancing all technical initiatives with business requirements and impact.