CEO Ticker – Shadow IT Part 3: Balancing Productivity & Security

This is the third blog post in a three-post series written for CEOs and Line of Business (LOB) leaders. In post #1 we learned why shadow IT has become so prevalent – because it empowers employees and enables productivity. In post #2 we learned why it’s dangerous – because it introduces security vulnerabilities and creates an IT management nightmare.

So what can you do about it?

It’s a conundrum. On one hand, any tool that effectively empowers employees to do their jobs better and more efficiently is a CEO’s dream. But when that tool is shadow IT – applications and platforms outside the corporate IT framework – it also presents significant security threats. The kind of threats that will keep your CSO awake for nights on end. And it creates the kind of management nightmares that will leave your CIO in cold sweats.

In the ideal world, technology tools enable employee empowerment and productivity without creating security threats and IT management challenges. That ideal world is neither unfettered shadow IT nor business-as-usual IT. It is a world in which Software-as-a-Service (SaaS) and Platform-as-a-Service (PaaS) are out of the shadows. Into the enterprise IT fold.

A Paradigm Shift

Getting to that ideal world is about changing the way that you think about enterprise IT. IT Business Edge blogger Arthur Cole explains it well: “The reason people turn to outside services and platforms is because it is a quicker and more efficient way to complete their tasks. As the traditional gatekeeper to data infrastructure, IT has long been viewed as a barrier to progress rather than an ally.”

And from Harvard Business Review: “CEOs remain reluctant to invite CIOs to the executive table, insisting that IT is a cost center, not the innovation incubator it could be.”

But IT can be an ally. CEOs need to think of IT not as a cost center but as an innovation center. A technology-driven enabler. Working side-by-side with the business units to achieve the enterprise’s strategic goals. That paradigm shift enables IT and the LOBs to work together to balance productivity and security. CloudTweaks is right: “The best way to manage shadow IT is by making your IT an integral part of the value chain.”

5 Steps to Bringing SaaS and PaaS Out of the Shadows

1. You are the champion. If shadow IT is going to come out into the sunlight and stay there, your CIO needs your support and the LOBs need your leadership. Communicate the rationale. It’s not about cracking down on rogue operators. It’s about enabling the agility the LOBs want. And the security IT is mandated to ensure.

2. Take stock. IT needs to conduct a thorough technology audit. To understand where shadow IT exists within the enterprise today.

3. Develop a cloud capability that business users can easily access. Eliminating shadow IT is about bringing SaaS and PaaS into the sunlight. Not prohibiting them. Enterprise IT must set up an environment in which line of business users can help themselves to the IT services they need. As they need them. They get what they want. And IT gets what it wants – everything running within a framework that they can see and manage. A framework that is compliant and secure.

4. Establish a clear governance policy. IT must be able to ensure that access controls and other logical security measures are in place. As well as consequence management tools for plugging security holes if they occur. And forensic tools for knowing what leaked out. Then it is your job to ensure that employees understand the rules. And are willing to adopt them.

5. Migrate existing shadow IT. Steps 1-4 enable LOBs to access SaaS and PaaS out in the sun. But there are still applications and platforms sitting in the dark recesses of the enterprise. IT must reach into those shadows. To bring those applications and platforms, too, into the sunlight.

The end result is an enterprise where IT enables the business to accomplish its mission. Within the corporate security framework. IT becomes a broker of IT services to line of business users.

That shift, to IT-as-a-broker model, will be facilitated by cost-per-use cloud services and providers with reliable charge-back capabilities. Lines of business get the tools they need, when they need them, within the corporate IT framework. IT gets to assign costs accordingly to the business users.

For smart organizations, shadow IT is a clarion call to change the way the business and IT work together.