How can organizations control the proliferation of shadow IT?
Sort by:
I understand that there are two ways
- giving all necessary tools the the users
- locking any other non authorized tool
Security should be the must
I don't know if we can control it versus automate it. During a recent conversation today, I wondered, "Why did we go down this path?" I think we need more automation in place when things are coming in that are not the best-designed to help steer them down a path versus us having to run a manual intervention. That's my perspective out of clear frustration.
With cloud native companies and all the open access, shadow IT can easily become a big problem because at the click of a button, you can hook up a new service and every department in the company is ready to consume it. How do you control that kind of proliferation? It requires education and training. You have to continuously communicate to people when they do these things that they must not step on anything that might get them into bigger trouble, even by mistake.
1. Require compliance education. Risk of IP and PII leakage cannot be tolerated.
2. Monitor spend.
3. While you cannot block shadow IT entirely, you can encourage use of IT -managed services with a) easy automated provisioning, b) low-code application development and integration tools, and c) IT-certified images and databases with built in security and monitoring.