Beltug

Handling Shadow IT is about the approach, not the tools. Takeaways from the Beltug N-sight of 23 April 2020


Date:23/04/2020


With people more tech-savvy than ever, and the call for digital transformation loud, Shadow IT seems to be an inevitable part of the game.  Whether you choose to avoid it or to embrace it as a company, it has a wide-spread impact: on your budget, on security, on efficiency and processes.

 

At our N-sight (held virtually) we dove into the world of shadows, taking a look at a few best practices and experiences…

 

The presentations from this X-change, and a link to the recording of the event, are available for our members (after log-in).

 

 

Get your assets out of the Shadow

 

Peter Verbeeck, Solution Advisor Specialist & Vendor Alliance/DPO, and Danny Uytgeerts, Technology Strategist & Security Officer/DPO at SoftwareONE, kicked off the session under the header 'Sh(adow)IT happens'. Shadow IT, they explained, is not only about using unsanctioned apps and tools, but also about using company-sanctioned apps in an ‘unsanctioned’ way. They highlighted the presence of the 'Superuser', the colleague with a particular knack for a certain app who takes over the support role from the IT department.

 

Managing Shadow IT requires a specific approach rather than a specific tool, they continued. The goal is to keep control of your data and processes. Managing Shadow IT is like fitting many pieces into a large puzzle.  They presented four crucial puzzle pieces (from amongst many others):

  • Organisational culture: Change Advisory Board
  • Culture & awareness: communication and training
  • Risk management: risk awareness and appetite
  • Policies: data classification, data loss prevention, asset management

 

Danny's main conclusion: this is not a one solution issue. Also, it's not about how your users handle your data, but about what they are going to do with it. Have your data flows under control and you don't need to be scared of Shadow IT.

 

 

The modern workplace, without shadow IT

 

Stefan Berth, Sales Director Mobile IT at mobco, shared his view on the hardware side of the issue, which is often either overlooked or unrecognised. Stefan stressed the importance of user choice.

 

The hardware aspect can be related to a specific device, e.g. people preferring an iPhone over Android. For mobile phones, a company-issued SIM card can be put in any compatible phone. If people do not like the company-issued device, they can very easily change this for a personal device.

 

But the hardware aspect can also be related to specific circumstances where people have to do with what they have available. Covid-19 has forced many people to work from home, requiring them to rely to some extent on personal hardware instead of company hardware. Potential issues include software compatibility or lack of hardware support.

 

Stefan believes we can add to the approaches of 'no control' and 'top control', the approach of 'partial control', where the company remains in control of the data (slides 6-8). So should we still care about Shadow IT? Yes!

  • We need that control to comply with the GDPR, but also to keep our secrets safe (paychecks, company strategies, HR, RFPs, etc.)
  • We need to protect data: ours and employees’.

 

Finding the perfect balance between 3 pillars is key when dealing with Shadow IT, and involves:

  • IT operations
  • User experience
  • Data security

 

How to find that perfect balance? Communication is key: talk to all stakeholders within the company:

  • IT
  • Telecom Manager
  • Support
  • HR
  • Procurement
  • Business Units

 

And don't underestimate the power of the younger employees, who are eager to work with the tools of their choice. 73% of millennials (born between 1981 and 1996) state that workplace technology influences their choice for their next job.

 

By taking a proper approach, every stakeholder sees results:

  • The IT department keeps control over all corporate data
  • Telecom Manager has '0 touch' enrolment and no longer needs personal credentials
  • Support can focus on key tasks, rather than e.g. resetting passwords
  • HR’s policies are implemented
  • Procurement sees an increase in overall efficiency
  • All needs of the different business units are covered and automated via UEM
  • The end-user is trained to better use devices and corporate apps (like O365), and gets his private environment back = best of both worlds


 

 

 

 

 

 

 

 



 

Dear visitor,

Access to more information about this topic and/or to download the paper is easy and fast, but exclusively for Beltug members (just login to get access).

Beltug gathers a lot of information. Here you find the advantages of Beltug membership

The Beltug Team

Click here to login




>>> Back to overview