If you've ever wondered what the single most effective trigger is to make the blood pressure of IT and compliance professionals simultaneously skyrocket, the answer is simple: mention the term Shadow IT and see what happens.
And to be completely honest, as a cyber security expert my blood pressure is equally as spiked. The mere thought of highly confidential corporate assets being uploaded to some rogue cloud platform completely unknown to the powers that be within an organization is frankly terrifying.
All terror aside, the greatest question to be asked is why do so many employees turn to external cloud platforms in the first place—I’m not sure anyone will like the answer. It all comes down to one single factor: IT cannot deliver the same experience, convenience, or ease-of-use as big cloud providers.
But before anyone thinks that this is some sort of insult, it's far from it. It's actually far more about what people expect of IT departments paired with their own outside influences and habits, and why those expectations are completely unrealistic.
Let's take DropBox as a perfect and typical example of a cloud platform that is considered by many as "Shadow IT.” I'm sure that in our personal lives, the majority of us use this platform or something just like it—and why wouldn't you? From its super slick and easy drag and drop functionality, to its ubiquitous connectivity on any and all devices, the idea of having access to all your files at all times is downright amazing. And it is amazing; however, not to IT and compliance professionals, and for good reasons.
Here's where reality and expectation collide. When you consider the power of personal habits combined with modern technological convenience, the expectations of what can and should be the norm vastly changes. However, that same set of habits and convenience—something that most definitely influences how people also expect to work—rarely aligns with that of the corporate environment.
That said, if people have expectations and habits that work for them, that also make them more productive, by nature people are going to gravitate towards external solutions, regardless of what their employer says. Pair that with IT not being able to accommodate certain "expected" IT needs, and suddenly their jobs, associated projects, employee reviews, and even bonuses are placed in jeopardy. In short, IT may very well be out-of-sync with the perceived reality of the daily grind.
So why can't IT just catch up? After all, if it's nothing more than a free app, and the IT folks are super smart, can't they just spin something up quickly? No, and here's why.
Go to your IT department and ask them to build you the exact equivalent of DropBox. Sound reasonable? No it does not. Let's not forget that even in the early days of the now famous cloud platform, DropBox was given a $10 billion valuation right after it raised $1.1 billion in an initial investment round. So, unless someone is willing to spin up a company-within-a-company and throw 1.1 billion dollars at IT for a new cloud “project," the reality is that IT can't and will never be DropBox.
So if IT can't compete with the outside world—because they are busy doing real work that drives their own company—then what is the alternative? It's actually easy: embrace what many refer to as Shadow IT.
And if that sounds like the old adage of if you can't beat 'em, join ‘em, you are absolutely right. But with one monumental difference. In the case of joining them, it must be on one's own terms, ensuring that whatever cloud platform is being used that it is secured and monitored at all times.
This means creating a Shadow IT and cloud application control strategy, being able to support and guide employees in proper usage, and restricting access to certain corporate data—welcome to your new world of Data Loss Prevention (DLP), Cloud Access Security Broker (CASB), Identity Access Management (IAM), and more.
Cloud applications with all their ease-of-use and convenience aren't going anywhere. Aligning your cyber security practices and taking a holistic and complete cyber resilience stance on all aspects of IT will make for a happier workplace, a more productive workplace, and a place where the blood pressures of IT and compliance can remain at normal and acceptable levels.
Case Study | COVID-19 Response Services
COVID-19: Resources Available for Crisis Response
Calian’s team of emergency management specialists and health care professionals are available to support your COVID-19 response. We offer services including: onsite rapid testing, quarantine site management, COVID-19 screening, vaccination clinic staffing, and more.
Case Study | Emergency Management Solutions
Developing Comprehensive Plans: Village of Telkwa
Calian worked with the Village of Telkwa, British Columbia to develop a guide with preplanned routing and advance decisions to support residents during an evacuation, and to help the Village meet its legal responsibilities to be prepared for potential emergencies or disasters.
February 22, 2021
Enhance Your Security Posture
Calian offers cyber security services and solutions to mid- to enterprise-size organizations at all levels of government, defence, and private sector. Our strategy of combining organic development with mergers and acquisitions benefits our customers. We deliver the innovative solutions you need to...