14 tips for CIOs managing shadow IT activities

Considering how complex IT has become, particularly in the age of the internet, the ability to know about and effectively manage IT resources — both internal and external — has become increasingly important. Here, we examine situations to be aware of regarding shadow IT and offer guidance to ensure that CIOs can identify and mitigate rogue activities.

The primary goal for most CIOs is a smooth-running IT organization that is compliant, secure and risk-free. On the issue of security, they pay attention to any situation that threatens the confidentiality, integrity and availability of information. Non-approved installation of systems, whether on site or via cloud technology, presents possible unauthorized access to internal systems. From a risk management perspective, shadow IT presents unique challenges to CIOs and their cybersecurity and operations teams and should be a key element in those activities.

The growth of cloud-based systems using software as a service (SaaS), infrastructure as a service (IaaS) and platform as a service (PaaS) represents significant opportunities for shadow IT activities. This is in addition to off-the-shelf hardware and software applications that have been the traditional sources for shadow IT users. So long as an internet connection is available, shadow IT users can access just about any cloud-based resource with minimal difficulty.