itb-nz logo
Story image

Shadow IT: Bringing business benefits despite security concerns

Instead of seeing shadow IT as a major problem, more chief information security officers (CISOs) are seeing the business benefits of the phenomenon, according to Andrew Kellett, Ovum Infrastructure Solutions principal analyst.

‘Shadow IT’ refers to hardware or software deployed within an organisation that the IT department is unaware of, or has not approved.

"The term often carries negative connotations due to the maintenance and security issues involved in this often unregulated area of the technology marketplace," says Kellett.

The general consensus is that the growth of shadow IT should be seen as a business and data protection problem, but not all CISOs agree. Not all shadow IT is bad, and some leading CISOs recognise that there can be business benefits, he says.

At the Eskenzi IT Security Analyst & CISO Forum in June of this year, a dozen of UK’s CISOs gathered to answer questions from security analysts.

Although the analysts expected the panel to take a strong stance on the need to reduce the use of shadow IT, the situation turned out to be less clear-cut, according to Kellett.

Many of the CISOs who took part agreed there are control issues to be addressed when technology use bypasses corporate policy and standards requirements, but the overall message was that shadow IT can also deliver business benefits, says Kellett.

Those in the creative industries, media, and telecoms were particularly supportive of shadow IT.

“The suggestion was that these businesses need it to support the requirements of their free-thinking users. The focus for these CISOs from a security perspective was education, to ensure that users understand the data protection and security issues involved,” says Kellett.

He says, “Although there will always be non-negotiable areas in which shadow technology cannot be used, IT security can no longer always inhibit it. User and data protection has to be agile enough to support the ongoing demands of the business."

“The consensus view from this group of leading CISOs advocated a collaborative approach that incorporates shadow IT into computing polices whenever its use can be supported.

“Their opinion was that security teams should make every effort to find out why specific third-party tools are being used, and to review their business benefits and risks before making any final decisions,” Kellett says.

Story image
How data warehouses have become the new data lakes for business
While data lakes are great when it comes to storage, they don’t perform well when it comes to analysis and reporting. The vast volumes and multiple formats mean that traditional data warehouse tools are unsuitable and another approach needs to be found.More
Story image
Forrester's guide to staying savvy in the world of COVID-19
Remote working, charting business outlook and CX are covered in this piece filled with advice for operating in the world of the pandemic.More
Story image
Nutanix & Udacity launch hybrid cloud nanodegree program
Nutanix is sponsoring 5000 scholarships, to be taught via Udacity, which will school IT professionals on topics such as modern private cloud infrastructure and the design of hybrid application deployment.More
Story image
NetFoundry offers free cloud networking to businesses in need
NetFoundry has announced its commitment to maintaining critical services and offering complimentary services to businesses in need as many countries are in lockdown due to COVID-19.More
Story image
7 ways you can boost workplace productivity with a quality IT network
The more high-tech your workplace is, the greater your business results.More
Story image
Acronis appoints new APAC General Manager and launches Partners Programme
One of Morarji’s first objectives has been to launch the new Acronis Partner Programmes in APAC, in which the Acronis team will help channel partners and managed service providers (MSPs) expand their portfolios and deliver fast ROI.More