Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Why a security team embraces shadow IT

Clint Boulton | Aug. 19, 2016
A group within Western Union information security team relies on cloud software, including content management, social collaboration and single sign-on tools to let employees to get their work done while protecting corporate data.

When you hear the phrase "getting ahead of shadow IT," it typically comes from a CIO who is implementing new technologies so that employs won’t take it upon themselves to purchase tools. But you don't expect such proactive practices from an enterprise's information security team, which a CIO often enlists to place a moat around corporate assets.

mike bartholomy
Mike Bartholomy, Western Union's senior manager for information security

Mike Bartholomy takes a different tack at Western Union. The financial services firm's senior manager for information security says that companies that try to block everything may see it backfire. "What we've seen happen in other organizations is that when you take something away that is a great enablement tool that may be moderately risky, you run the risk of pushing users towards something that is very risky," Bartholomy says.

Shadow IT continues to plague companies. Over the next several years IT spending will increasingly occur outside the allotted IT budget, often exceeding 30 percent of total IT spending, according to Gartner analyst Matt Cain. The analyst says that rather than blocking shadow IT, IT should develop a system that outlines when it is appropriate for employees to use their own technology solutions and when IT should take the lead. The idea is to create a digital workplace that aligns corporate workflow more closely to employees’ experiences with consumer computing.

Why aninfosec team implements cloud

Western Union has developed its own system to protect and serve its workforce. The Western Union information security enablement (WISE) program is designed to give its 10,000 employees the technologies it needs to get their jobs done while ensuring that corporate data is secure. Under the purview of CIO David Thompson, Bartholomy and the rest of the information security team enjoy the unusual privilege of evaluating and implementing cloud solutions. “Not too many information security organizations have integrated a social intranet and collaboration tool enterprise-wide,” Bartholomy says.

Those tools include Okta single sign-on software and enterprise social offerings from Jive Software. But its latest project, a corporate-wide roll-out of Box as the company’s new enterprise content management system, may be his most ambitious to date. New solutions tend to come with a steep learning curve, but Box isn’t your enterprise software of yore. Most employees, particularly millennials who grew up consuming web apps, find it intuitive and easy to use from their desktops and mobile devices. To be safe, Bartholomy worked with Box to create videos tutorials and virtual training sessions to help acclimate employees to the technology.

Employees in human resources, legal, compliance, IT and other departments are increasingly using the cloud software to share and synchronize files across desktops and mobile devices. Bartholomy sees the implementation of Box, as well as tools such as Okta and Jive as necessary.

 

1  2  Next Page 

Sign up for CIO Asia eNewsletters.