The Inner Circle

 View Only
  • 1.  #TechTopicTuesday

    Posted Feb 01, 2022 05:31:00 AM
    Today’s Word of the Week is: Shadow IT. Shadow IT is any unapproved cloud-based account implemented by an employee for business use, including the use of an unknown account administered by the user rather than corporate IT. In this blog, to see how your organization can get a handle on shadow IT: https://csaurl.org/mcbca7

    #CloudSecurity #shadowIT #encryption
    ​​​

    ------------------------------
    Orbert .
    ------------------------------


  • 2.  RE: #TechTopicTuesday

    Posted Feb 02, 2022 12:28:00 PM
    Shadow IT isn't limited to capabilities "implemented by an employee" using "an unknown account." In reality, Shadow IT is often sanctioned by the management of a business line, which gave permission to an employee to implement a solution, using money from the business unit's budget, as a reaction to Corporate IT's inability to offer a solution quickly due to non-agile processes or a prohibition against solutions that are not on premises -- or in reaction to an inadequate IT-sanctioned system that doesn't do the job.

    This BU-sanctioned Shadow IT is more pernicious and harder to combat, because the BU managers have a lot of influence over CEO and will often successfully confront the CIO by saying "we had to do this because you only offered a pricey solution in three months instead of a cheap one in three days." The use of Google Drive spaces for collaboration, when IT has deployed Teams or SharePoint (or another document management system) is one of the most common example. The second most common one is probably in the area of CRM, when units use Salesforce or Zoho because there is no corporate solution or because it is too inflexible (Oracle CRM, anyone?).

    Of course, it is usually security that gets sacrificed first in this process. In addition, there are issues of integration, as the shadow system ends up duplicating some of the data in the official corporate system, with no synchronization mechanism in place. In fact, security is almost intentionally weakened when such systems (e.g., Google Drives) are put in place precisely to provide access to non-employees, such as contractors and consultants without any technical or contractual safeguards.

    The solution to the Shadow IT problem is not to ban it or to wring one's hands about it, it is to reform the IT organization so it can provide a rapid reaction to business needs and adopt agility as a default approach to projects.

    ------------------------------
    Claude Baudoin
    cébé IT Knowledge Management
    Co-Chair, OMG Cloud Working Group
    https://www.omg.org/cloud
    ------------------------------



  • 3.  RE: #TechTopicTuesday

    Posted Feb 03, 2022 08:15:00 AM
    Very good point! But how can we accommodate agility and security especially with a budget constraint?

    ------------------------------
    Ahmed Alwheheiby
    Student
    California State University, Fullerton
    ------------------------------



  • 4.  RE: #TechTopicTuesday

    Posted Feb 03, 2022 03:57:00 PM
    Dear Claude - love the last sentence - so allow me to start with that!

    You wrote: The solution to the Shadow IT problem is not to ban it or to wring one's hands about it, it is to reform the IT organization so it can provide a rapid reaction to business needs and adopt agility as a default approach to projects.

    EXACTLY! ... a solution could be to provide IT with more modern, more agile solutions that actually help IT control, manage and enable them to on/off-board resources in seconds .. here's some additional comments. 

    Q1 ... why is Corporate IT's unable to offer a solution quickly due to non-agile processes or a prohibition against solutions that are not on premises -- or in reaction to an inadequate IT-sanctioned system that doesn't do the job.
    Answer: you nailed it ... inadequate systems (maybe even wrong architecture) and complexity.
    Solution - well, reach out

    Q2 ... why can't CIO's deploy a cheap, secure solution in three seconds - not three days and not 3 months (you said; by saying "we had to do this because you only offered a pricey solution in three months instead of a cheap one in three days."
    Answer: complexity, inefficient architecture, IT-team agility is hampered and has no (very little) control ... you're right about the use of Google Drive spaces for collaboration, when IT has deployed Teams or SharePoint (or another document management system) is one of the most common example
    Solution - well, reach out (at lease there is a solution - if you like it is up to you (the customer))

    Q3 ... you wrote about CRM, when a BU use Salesforce or Zoho because there is no corporate solution or because it is too inflexible (Oracle CRM, anyone?).
    Answer: you're right - the problem is "convenience" & complexity, inadequate solutions, no (or little) control from the IT team - which is a pity, as they actually have the skills and know-how (they lack some security ... but just hang on a few minutes ...)
    Solution ... reach out - and as with Q2 (the solution part) ... again it's in the customers hands.

    Q4 ... security - and again I fully agree about the issues and concerns. Just a comment ... contractors and consultants (and other 3rd party non-employees) strongly controlled in what they are capable of.
    Answer ... it repeats itself - complexity, lack of control ... wrong / inadequate solutions / architecture. A comment ... contractors and consultants (and other 3rd party non-employees) can't do anything "the solution doesn't allow them to do" (think SDP/ZT with Attribute Based Access Control - and add steroids :-) ... now you're getting close)
    Solution ... hmm, you guessed it. Security is transparently built in - if not full control, then to an unmatched level. If you like it - it's up to you (the customer).

    2 closing remark ... first one to Ahmed (budget constraints => find the best solution) - the second is a Nelson Mandela quote "It always seems impossible - until it's done".

    ------------------------------
    Niels E. Anqvist
    CEO/President
    ZAFEHOUZE USA / ZAFEHOUZE EMEA
    ------------------------------