• United States



Can Shadow IT Be Good for Enterprises?

May 01, 20183 mins
Data BreachInternetNetwork Security

Shadow IT was borne out of innovative necessity, often causing security headaches. But there are strategies for controlling it.

istock 691171164
Credit: iStock

One of today’s most enduring IT challenges is shadow IT, where business units go renegade and secure their own applications and services without involving IT, typically by leveraging cloud providers. Gartner estimates that business users control 38% of technology purchases.

Bindu Sundaresan, practice lead for AT&T Security Consulting, concedes that IT leaders can’t memo-away shadow IT by ordering that the practice stop. Line-of-Business managers know that top management values getting products and services out the door quickly and cost-effectively and will back anything that makes that happen.

But allowing shadow IT to happen, and allowing it without any IT involvement, are two very different things. IT can support shadow IT, but only if IT is informed and up to date on who’s buying and using which services. Visibility into these services is a critical first step in making sure that they are in line with the organization’s cybersecurity policies.

“The whole problem with shadow IT is when you don’t know about it,” Sundaresan says. “As long as you have visibility, you can include it as part of your risk profile and take the necessary risk measures.”

Sundaresan says better collaboration is critical to maintain consistent policies for securing cloud data will provide the needed protections without inhibiting the benefits that LOB users get from having easy access to cloud applications and services..

“Enterprise security is a team sport,” she says. “You have to work across different teams. For any security team to be successful, you need to understand where the business is headed.”

The need for better visibility across the increasing number of cloud services that enterprises deploy has led many to explore and deploy cloud access security brokers (CASB). IT and security executives can’t outsource their responsibilities, but CASBs can provide crucial assistance, especially with minimizing the damage from renegade shadow IT business unit efforts.

“CASBs need to integrate with existing security competence,” Sundaresan says. “When evaluating, don’t get enamored by the capabilities. As part of the proof of concept, make sure you’re discussing integration with existing infrastructure. Many don’t look at it from the architecture integration perspective.”

As organizations work out the kinks around shadow IT, they’re likely to find that with enough coordination and communication, all sides can benefit from the speed and customizability of shadow IT without compromising the security and business integration that comes from traditional IT.

AT&T has a number of solutions for cloud security. Find out how they can assist you with near real-time protection against viruses, malware, and hackers.