Mark Samuels of ZDNet recently spoke to industry experts on how technology purchases are shifting from IT to business line executives. The verdict? This shift isn’t necessarily a bad thing, with the right technologies and policies in place. Typically, we define Shadow IT as any technology purchase or use that is outside the knowledge or control of IT. What happens when IT purchases are made with the explicit permission of IT but without specific oversight?
In his article, Samuels explores the decentralization of IT investment and the potential knock-on effects to IT governance and corporate data security. The article suggests four best practices:
- Focus on helping peers make the right IT decisions – Moving toward a user-centric approach should include support from IT in the form of “technology tendrils” that run throughout the organization.
- Lay the ground rules and make sure people follow them – Controls should be standardized globally, with key decisions on information retention, data schema and data security being set at the CIO level.
- Accept that responsibility for project success is shared – Shared responsibilities and goals can help align everyone involved.
- Revisit the original project goals time and again – Due diligence is critical before any project gets off the ground. Decentralization of IT projects does not mean everyone does whatever they want.
The article does a great job of laying out some of the challenges and benefits of enabling business leaders to managed their own IT initiatives. With proper planning and guidelines, decentralized IT does not need to lead to true Shadow IT.
Laying the Framework for IT Oversight
Absolute can help lay the framework for organization-wide oversight into data security. We provide visibility to your entire endpoint deployment through a reliable two-way connection to your endpoints so that you can monitor, assess and respond to security alerts, regardless of user or location. With the new Endpoint Data Discovery (EDD) feature, standard in Absolute Data & Device Security (Absolute DDS), you can automatically monitor for sensitive data, identify insider threats and respond to endpoint security incidents with remote capabilities such as data delete or device freeze. All of this can be done while supporting the independence of business units in their technology purchases for the endpoint.
Get started with a free evaluation version of Absolute DDS today.