Preventing Shadow IT

NetworkNerd

My employer is a PEO and encourages employees to write blog posts for their website. I thought it was time they had one in there from someone in IT. This one recommends some ways you can prevent Shadow IT in your organization. Let me know what you think.

https://www.staffone.com/avoid-threat-shadow-it-tech-policies/

MattSpeller

Shadow IT is absolutely cancerous and should be nuked at the first possible opportunity. Been fighting it at this job since my first day in the door.

Decent article!

DustinB3403

Good article, it explains in a simple way what users just decide to go and do on their own.

scottalanmiller

@MattSpeller said in Preventing Shadow IT:

Shadow IT is absolutely cancerous and should be nuked at the first possible opportunity. Been fighting it at this job since my first day in the door.

Decent article!

As someone who ran Shadow IT at a fortune 10, it was official IT that we saw as the cancer. Shadow IT did the work, IT took the credit. Shadow IT normally exists only when IT has failed.

scottalanmiller

@DustinB3403 said in Preventing Shadow IT:

Good article, it explains in a simple way what users just decide to go and do on their own.

Shadow IT and rogue users are different things, though.

DustinB3403

@scottalanmiller said in Preventing Shadow IT:

@DustinB3403 said in Preventing Shadow IT:

Good article, it explains in a simple way what users just decide to go and do on their own.

Shadow IT and rogue users are different things, though.

But the concept is the same thing. It's something that is being done that effects the IT department and business as a whole, which either can't be protected effectively, or access restricted when needed.

Shadow IT is as explained in the article, non-technical people coming up with solutions to problems that they have, rather than asking IT to address the problem. IT doesn't know this "solution" exist so when something occurs, there are damages.

scottalanmiller

@DustinB3403 said in Preventing Shadow IT:

@scottalanmiller said in Preventing Shadow IT:

@DustinB3403 said in Preventing Shadow IT:

Good article, it explains in a simple way what users just decide to go and do on their own.

Shadow IT and rogue users are different things, though.

But the concept is the same thing. It's something that is being done that effects the IT department and business as a whole, which either can't be protected effectively, or access restricted when needed.

Shadow IT is as explained in the article, non-technical people coming up with solutions to problems that they have, rather than asking IT to address the problem. IT doesn't know this "solution" exist so when something occurs, there are damages.

That's not what shadow IT has been traditionally. Shadow IT was a secondary IT department that did the actual work when the original IT department could or would not.

DustinB3403

@scottalanmiller In terms of this topic, Shadow IT, are business employees who decide to implement a process on their own.

Without consulting the actual IT department.

MattSpeller

@scottalanmiller said in Preventing Shadow IT:

@MattSpeller said in Preventing Shadow IT:

Shadow IT is absolutely cancerous and should be nuked at the first possible opportunity. Been fighting it at this job since my first day in the door.

Decent article!

As someone who ran Shadow IT at a fortune 10, it was official IT that we saw as the cancer. Shadow IT did the work, IT took the credit. Shadow IT normally exists only when IT has failed.

We agree that shadow IT is a sign of the failure of the IT department. It's not the cure however, far from it.

scottalanmiller

@DustinB3403 said in Preventing Shadow IT:

@scottalanmiller In terms of this topic, Shadow IT, are business employees who decide to implement a process on their own.

Without consulting the actual IT department.

https://en.m.wikipedia.org/wiki/Shadow_IT

For example, at IBM the operations department brought in their own Shadow IT because the "real" IT couldn't keep production running - but had the political clout to not be removed. So to keep the company in business, Shadow IT was created.

Yeah it's not authorized by IT. But it was authorized by operations, had a full structure and actual did the work.

scottalanmiller

@MattSpeller said in Preventing Shadow IT:

@scottalanmiller said in Preventing Shadow IT:

@MattSpeller said in Preventing Shadow IT:

Shadow IT is absolutely cancerous and should be nuked at the first possible opportunity. Been fighting it at this job since my first day in the door.

Decent article!

As someone who ran Shadow IT at a fortune 10, it was official IT that we saw as the cancer. Shadow IT did the work, IT took the credit. Shadow IT normally exists only when IT has failed.

We agree that shadow IT is a sign of the failure of the IT department. It's not the cure however, far from it.

Right. If you need Shadow IT you have an issue bigger than IT that is allowing IT to exist without functioning properly.

NetworkNerd

I think everyone who has made a comment here is correct based on our definition. Though my article covered an example of a user implementing a technology outside IT's jurisdiction, an implementation could have just as well been someone extremely technical brought in to do IT work like Scott mentions. That scenario never crossed my mind when I wrote the article, so thanks for that, @scottalanmiller. I guess maybe that sort of thing is not as common in smaller departments like where I've worked.