I’ve written and spoken many times about the topic of Shadow IT. It’s a tech buzz phrase with a somewhat negative connotation, indicating that users are taking IT matters into their own hands and bypassing IT to solve their own challenges. For the record, when a user does this and their actions put the organization at risk, it’s definitely a bad thing.
However, is there a case when Shadow IT should actually be embraced and encouraged?
Shadow IT’s rise largely came about because users are becoming more savvy and tools are becoming easier to use and more readily available. Given that there are tasks IT simply can’t (or won’t) always be able to get to, the idea of utilizing users to assist may actually be a great idea.
When you consider the positive impact they could have, there are a few services normally provided by IT that probably should be put into the hands of users — for example, password resets. With the many solid password self-service solutions available today, there is little reason to continue requiring users to call a helpdesk and involve IT.
Another example is AD group management. IT rarely gives groups the attention they deserve, IT staff are usually too many degrees of separation away from a group’s usage to know whether it’s configured correctly anyway, and IT shouldn’t be trying to do it alone in the first place.
So, why bother with IT solely managing something that users can clearly address on their own?
Not so fast. You can’t just give users admin rights and send them on their way. There are a few steps you’ll need to take in order to properly bring Shadow IT into the light.
- Educate the Business: This is a major shift in the way that IT operates and could potentially impact security, so IT needs buy-in from the organization from the top down.
- Engage the Users: Before users run to the shadows, involve department heads and line-of-business owners to identify the people who should manage which groups, their memberships, and permissions. There’s a lot involved in this task, so it’s important to learn how to build a state of collaboration between IT and the business.
- Empower with Tools: Shadow IT is all about having great solutions in place that make life easier for IT. Therefore, putting tools in place for password self-service and group management self-service will enable users to address their security and access concerns in a manner consistent with IT policies — and with the ways of Shadow IT.
The goal is to make the business more secure while also making it more productive. By selectively embracing Shadow IT to take on tasks that can be handled via self-service and by using tools that support the proper security and workflow, organizations can achieve both increased productivity and security, all while lowering the overall cost of management.
Jonathan Blackwell
Since 2012, Jonathan Blackwell, an engineer and innovator, has provided engineering leadership that has put GroupID at the forefront of group and user management for Active Directory and Azure AD environments. His experience in development, marketing, and sales allows Jonathan to fully understand the Identity market and how buyers think.