6. Offer amnesty on Shadow IT. "When identifying the threats of Shadow IT, you have two choices: First, your IT department can identify the traffic to and from third-party cloud solutions that deliver Shadow IT, like Skype, Box and Dropbox," says Orlando Scott-Cowley, Messaging, Security and Compliance Evangelist at Mimecast, which provides email management, compliance and archiving solutions.
"However, this process is time-consuming, inaccurate and blocking entirely is almost impossible," Scott-Cowley says. The better option: "Hold an amnesty on Shadow IT. A no-consequences, 'stand up, own up and be counted' strategy, without fear of retribution works — especially if you give users an opportunity to explain why they needed a third-party app and why your corporate platforms weren't up to the job."
Should You Embrace Shadow IT? 4 Questions to Ask Yourself
Before embracing or restricting shadow IT, Akita IT Services' Boudet suggests CIOs ask themselves the following four questions:
- Is there a reason why a particular solution is inappropriate for the company?
- If users clearly feel they need a solution for rapid document sharing/online services/hardware, can this be included into the company's IT policy?
- Is there a Shadow IT option currently in use in the organization that satisfy's compliance needs?
- Can you integrate Shadow IT (certain apps or services or devices) into your IT assets and install the proper security measures around them?
Sign up for CIO Asia eNewsletters.