In Best Practices, Blog, Security

For years, shadow IT has been a practice that is under debate by organizations. Recently, however, shadow IT was rebranded as “business-managed IT ” and some CIOs claim that it’s better for business. Here’s how modern organizations should approach business-managed IT.

What is Business-Managed IT?

Before we talk about dealing with business-managed IT, let’s first define it. Business-managed IT, also known as shadow IT, is a practice where employees/lines of business purchase and manage their own IT resources. When the term was coined, shadow IT went on behind IT’s backs, or in other words “kept in the shadows”. As such, it was often met with negativity and generally frowned upon. We’ll talk more about why this was the case in a little bit.

As the IT landscape evolved into the modern cloud-based era, general thoughts around shadow IT seemed to shift as well. For starters, many industry analysts are starting to dub it as “business-managed IT”, implying that it is simply another facet of IT, just managed outside of the IT department’s control with less negativity than when it was called shadow IT. So, why the change of heart?

Why Business-Managed IT?

Recent studies show that business-managed IT is actually a beneficial practice for growing companies. The idea behind business-managed IT is that companies can get to market faster than their counterparts who do not allow the practice. 

In theory, this makes sense. After all, requesting/purchasing new and necessary IT resources, such as cloud apps, is sometimes challenging depending on company best practices, especially in organizations that have tighter resource/monetary controls. With business-managed IT, employees can avoid the red tape and implement everything themselves, perhaps even just expensing the cost without formal approvals.

The same studies show that business managed IT leads to slight improvements in employee satisfaction as well. Without having to meet IT-set resource requirements, end users choose the solutions that work best for them. That way, when they use the resource, they have a better experience overall than if they abided by organizational requirements. Instant gratification also plays a large part in this proposed benefit, as they wouldn’t have to wait for approval to purchase the IT resource.

The Dangers of Business-Managed IT

While these shortcuts can certainly be beneficial to an organization, the flip side of shadow IT is severe. In general, employees engaging with business-managed IT are not evaluating a resource under the same scope as IT professionals. So, while features like ease-of-use and time to project completion are often drivers for choosing a resource, security and manageability (for example, user access) still need to be considered.

With employees managing their own access to IT resources comes the possibility of multiple identities being created and leveraged outside of the core directory service. The result is more opportunity for things to slip through the cracks, and ultimately the potential for identity compromise.

The risks and potential fallout involved with a breach are well-known. A single breach can end up costing an organization millions of dollars in fines and reparations, not to mention the damage done to their reputation.

Dealing with Business-Managed IT

Looking at potential benefits of business-managed IT compared to the far-reaching costs of an identity breach, it’s clear that organizations need to think carefully before permitting business-managed IT practices in their environments. With proper practices and tooling in place, business-managed IT can certainly provide a number of benefits with few drawbacks. If you are interested in learning more about managing your organization’s users and IT resources with a cloud directory service and either enabling or controlling business-managed IT, we’re here to help.

Recent Posts