ZDNet UK

CNET NETWORKS UK BUSINESS SITES:
atlarge.com
BNET UK
silicon.com
SmartPlanet.com
ZDNet.co.uk

ZDNet.co.uk - Winner of Best Business Website 2007

You are here: ZDNet.co.uk > News > Security

Security management Toolkit

Stopping shadow IT

Ruby Bayan Tech Republic

Published: 19 Jul 2004 12:00 BST

"Shadow IT" is as ominous as it sounds. Detached from corporate IT, running its own systems, and covertly implementing its own rules and policies, a shadow unit can quickly become a sinister threat to the company's security infrastructure.

How should CIOs deal with these ghost entities that seem to spontaneously spawn and proliferate behind the scenes? We asked two experts to shed some light on the shadow IT phenomenon: why these groups exist, what security risks they pose, and how top management should address these risks.

Why do shadow IT groups exist?
Some business environments naturally and expectedly become fertile ground for informal -- sometimes illegitimate -- IT operations. Here are some examples of how these clandestine groups come to life:

According to Dr. Dennis R. Moreau, chief technology officer at Configuresoft, some business units initiate IT projects outside of corporate IT because of "significant reductions in IT spending and an increasing demand for IT to address infrastructural issues, including but not limited to security, regulatory compliance, technology migration/updates, and service level maintenance".

Moreau said: "These two pressures have resulted in growing IT project backlogs, which has limited IT's ability to be responsive to the needs of business units, many of whom are dependent on IT projects to achieve business objectives." Business units then take matters into their own hands.

In many instances, Moreau said, corporate IT governance and standardisation efforts don't appropriately accommodate business needs. The efforts serve to impede business processes and a company's ability to compete, prompting business units to initiate shadow IT projects.

Shadow projects "typically exhibit low risk because of their very limited scope and tight alignment with business unit needs. They also exhibit quickly realised ROI, partially because the initial investment does not address lifecycle project, support, or infrastructural costs," Moreau said.

1 2 3 4

Did you find this article useful?
224 out of 437 people found this useful

More In Security management

Company/Topic Alerts

Create a new alert from the list below:

Featured Talkback

It seems to me this is a burden being placed on the wrong shoulders. There is not an It system in the world that can stop an individual taking information in their heads and spewing out at the nearest undesirable third party.