
Does 'shadow IT' lurk in your company?

Ellen Messmer | Aug. 10, 2012
Business divisions are bypassing the IT department, making their own decisions to buy cloud-based application services or use mobile devices, raising the specter of so-called "shadow IT" that's outside the knowledge or control of the CIO and the IT staff.

He says business units often make these direct IT buying decisions out of a sense they have to move fast to reach new channels or markets. "This is often based on a clear business mandate and logic." But there are often "hidden costs" in managing data after a shadow IT project has occurred, he points out. Resources become more and more fragmented and spread out or "misaligned." One top concern in shadow IT will certainly be security and compliance of data.

"You're introducing a lot of new risk into the system," he says, noting that the chief information security officer (CISO) or the chief security officer (CSO) in the enterprise has a clear role to play when it comes to shadow IT.

"One of the main roles of the CISO is to call out these behaviors," Kawalec says. They have to figure out what is going on and analyze it, and report findings about the security and compliance implications of shadow IT to the chief executive and the board of the corporation, where final decisions need to be made. "Shadow IT cannot be played out in the shadows," Kawalec concludes. "Someone has to shine a light on what's outside the norm."


