IT departments can be unpopular at the best of times. They bear the brunt of bad will when technology fails the business, and are all too often left giving employees the hard-line, ill-explained “No” to seemingly simple requests.
When it comes to shadow IT, and BYOD, this is often the case.
Research suggests that 35 percent of employees feel obligated to bypass IT’s established security policies and procedures to get their work done, often via their own consumer products which put the organisation at risk.
This should set alarm bells ringing among CIOs. If that volume of employees will freely admit to flouting established rules, how many instead choose to grin and bear them?
RSA’s stat suggests staff are frequently antagonised by IT’s refusal to bend to their wants.
If a compromise can be reached, making a conscious decision to frustrate staff undoubtedly makes bad business sense.
Aside from avoiding this conflict, finding a middle ground on shadow IT has the power to breed innovation. Like it or lump it, as in the case of BYOD, IT departments will be bypassed when employees feel restrictions are unjust and counter-productive.
They are becoming more tech savvy; cloud services like Dropbox, iCloud and Google Disk are dropping in price, or are already free.
Why not harness their urge to use these technologies to the company’s advantage?
I hear the hard-nosed CIO cry, “What nonsense. Imagine the security holes that will emerge when I let that happen. How will it make me look when the company’s reputation is damaged and we lose money? Utter rubbish.”
Granted, there are obvious concerns in deviating too far from IT’s guidelines.
Call it hair-brained optimism, but it could well be useful to sit down with employees and determine the services that they feel they need to be at their best. Next, establishing clear guidelines on BYOD, applications and cloud services is a must.
Cloud services have to be managed and monitored. Leveraging an objective and comprehensive registry allows the highest risk services to be identified and blocked via the organisation’s existing IT infrastructure, or by communicating directly with users.
The organisation needs real-time insight into business case gaps, conflicts and security issues. Network monitoring is also essential in keeping a hawk-eye over shadow IT goings-on.
Empowering workers with secure, IT-controlled-anywhere access to information which works within a solid MDM framework has the power to achieve great reward.
Throughout all these processes, the onus remains on IT to communicate concisely what it wants from employees without dictating what will seem to them as draconian terms.
The end result is worthwhile: employees being able to access corporate data securely across locations and devices.
Awkward perhaps, but rather than wasting time chasing show IT, CIOs can coax employees into a middle ground, which will, aside from benefitting the business, put them in the best possible light.