Shadow IT, so what...
Many IT responsibles are afraid of the Shadow IT. But I always said: "Shadow IT, so what!". I think times are over when IT departments controlled each and every bit and byte within their organization and tried to educate the business users how to use the expensive and complex IT tools. Since the rise of the cloud services IT departments have lost control. Let's face the brutal facts. It only takes a credit card and within minutes one has sourced the cloud service of his choice. Sometimes it would take the internal IT department months to engineer and deploy something similar.
While such a course of action saves a lot of time, headache and internal discussions for the business user, it also completely bypasses internal governance, risk and compliance regulations.
Do IT departments have a choice? They either work on improving their IT fortress by blocking USB ports, block cloud services on the firewalls and implement tools, which severely restricts the end user from being productive. Or they rethink their current strategy and think more in a way of a "Service Oriented Infrastructure". They should understand, that the business sometimes need a cheap shot, a proof of concept or a minimal viable product. IT should provide an infrastructure, which allows such initiatives in a quick, reliable and secure way.
A service oriented infrastructure enables the business and offers an environment, where the business can react quickly on rapidly changing factors. Time to value is key. Agile, rapid prototyping, minimal viable product are the buzzwords nowadays.
But how can IT still have something like Governance, Risk and Control applied to precious business information and data?
Well things are not that complicated. Modern cloud solutions like the one from Microsoft offer a lot of standard interfaces. With the Enterprise Mobility & Security suite one can provision and maintain the control of the end user device while giving maximum flexibility to the end user. Azure Active Directory, on the other hand, offers interfaces to integrate 3rd party applications like HR information systems, CRM or others. There are more than 4000 applications preconfigured in the Microsoft cloud ready to be deployed in minutes. With such an integration the IT department can steer the account provisioning, authorization and authentication. Enforce password policies or make sure multi factor authentication is mandatory when accessing information from certain devices. Cloud service onboarding is fast and straight forward.
The business can easily attach their cloud sourced app to the cloud infrastructure provided by the IT department. And the IT department remains in control. The only thing is to draw the demarcation line of solution ownership and support. Where is the IT department responsible and where does the business need to step in.
But power is nothing without control!
Following the slogan of a well known tire manufacturer it is not only about infrastructure. If you make a mind change like this you also must make sure everyone understands its duties and responsibilities. Then with great power comes great responsibility one smart guy once said in a Hollywood movie.
Let us know if you like to discuss this thing in more detail. We're available at www.vinet2-services.ch or pay a visit to www.mywigwam.ch. We gladly offer you a cup of coffee and face your challenging questions.
On behalf of the ViNET2 Team