How do IT professionals deal with shadow IT within their organization?
In this recently filmed video, Symantec CIO Sheila Jordan shares her insights with internationally known cybersecurity expert Morgan Wright on monitoring shadow IT; changing employee expectations towards the technology that surrounds them; protecting data in motion; and offers advice to IT decision makers.
This is the latest installment of the Technology Trends and News from Symantec’s CIO Sheila Jordan video interview series.
Understanding Shadow IT
Shadow IT, also known as stealth IT, is defined as IT systems and solutions built and used inside organizations without explicit organizational approval. It’s also used to describe solutions specified and deployed by departments other than the IT department.
Jordan urges IT decision makers to first understand what’s influencing their employees to turn to these solutions.
“I've got to understand what our engineering organization is doing, if they're looking for a service or an application that I haven't been providing,” says Jordan. “I need to figure out what it is and offer that service to them.”
Facing Shadow IT
Morgan Wright comments that with this “explosion of information, devices and applications,” employees are using “rogue apps” without the IT team’s knowledge and creating challenges for visibility. Wright also notes that this trend is often seen among the new generation of younger employees.
“As employees come in to work, they want that same consumer experience they're getting on their smartphone today. And they're expecting IT to deliver that service while we're protecting the most important asset of the company, which is our data,” explains Jordan.
She explains that IT organizations need to “amp up and increase the work they’re doing for information protection.” In other words, they need to be protecting that data in motion and wherever it ultimately resides.
Handling Shadow IT
Jordan offers the following recommendations for managing shadow IT:
- Understand it’s happening within your organization.
- Get your arms around it. Use the data and analytics to see what’s in your environment.
- Make a decision on one or two solutions.
Eliminate the rest.
Rather than just saying “no” to all rogue applications, IT organizations need to enable and encourage this creative approach to work in such a way that does not leave the organization vulnerable.
Wright comments that there’s a “blurring of the lines between work and personal apps” as well as cloud solutions and all other devices that “complicate not only the data management, but the security solutions too.”
For Jordan, it’s the data that needs to be protected, “whether it’s on a smartphone or it’s going to be on a future IoT [Internet of Things] device.” Data is in motion between various devices and solutions—leaving the traditional on-premises firewalls.
“We have to make sure that our processes are in place,” advises Jordan. “It’s really about protecting that information and data even if it’s not housed inside the enterprise.”
Be sure to watch the entire video for more insights!