What is the number one way to prevent shadow IT?

Aug 25, 2021 7:30:00 AM

Mike Skinner


Shadow IT continues to be prevalent in many organizations, bringing unknown and unmitigated risks into your environment. Several factors have accelerated the presence of shadow IT in recent years, such as bring-your-own-device policies, the increased need within business units for flexibility to affect outcomes, tension between IT/GRC stakeholders and other operating areas, and an exponential reliance on employee devices and remote work due to the COVID-19 pandemic.

While there are a number of ways to combat the shadow IT issue, we’ve found one way to be more effective than others: building a collaborative culture. Gaining buy-in across different business units and stakeholders will have the greatest positive impact on preventing shadow IT. IT and GRC teams can take a progressive approach rather than leaning on elimination tactics.

Beginning with Why

Shadow IT is often a symptom of a larger problem. Consider the question: why are users bypassing IT in the first place?

  • Are the technologies provided by the organization adequate, or do they make users’ workdays or work product less effective?
  • Are there bottlenecks causing delays in the IT department?
  • Are users and department leads aware of the authorized solutions available for use?

Give Users an Easy Button

If it is established that a shadow IT solution cannot be integrated into the approved solutions maintained by IT, a seamless transition to an approved solution is imperative to preventing shadow IT solutions from being acquired in the future. Remove barriers and make it easy for users to switch from the shadow IT solution to an IT-authorized solution.

Patience & Priorities

If shadow IT is rampant in your organization, consider implementing a grace period to give departments and users an opportunity to “come clean” about shadow IT solutions without fear of repercussions.

Not all shadow IT solutions are bad. Prioritize the risk presented to the organization by each shadow IT solution. Once a comprehensive inventory of shadow IT solutions is developed, identify the highest-risk services in use and address those first.

Collaboration is Key

Consider the following steps to begin building the foundation of a collaborative culture:

  • Reset the conversation between business unit leaders and IT: there is time and space to both innovate and secure!
  • Educate users about the risks of shadow IT and its potential impact on the organization.
  • Establish responsibility for shadow IT: Is IT responsible? Are the business units held accountable for using unapproved software? Clearly outlining where this responsibility falls is vital to ensuring that shadow IT does not turn into a game of “pass the buck.”

Building a collaborative culture is a continuous process. Business units and IT departments need to commit to seeking common ground, being transparent about resource needs, and holding each other accountable.







Mike is the partner in charge for HORNE Cyber. His primary focus is to enable clients to fully leverage technology innovations by providing the insights critical to safeguarding their business, customers’ critical data and brand reputation. He is responsible for information technology audit, regulatory compliance, information security consulting, internal control consulting and business solution implementation.
