Shadow IT isn’t going away anytime soon, so be sure to hold on tight. As managing shadow IT becomes a greater concern among business leaders at all levels, solutions to overcome challenges arising from this unfortunate phenomenon are accelerating. Those businesses already geared up to combat increased security threats from the widespread use of shadow IT are — you guessed it — MSPs. Even though there are many MSPs still unsure of how to control shadow IT effectively, a good bulk of them are making progress and protecting their customers from unintended side effects.
To find out how TruMethods members are tackling shadow IT challenges within their clients’ organizations, I reached out to Adam Radulovic, CEO of XL.net, a Park Ridge, IL-based MSP, and asked some questions on how he’s managing shadow IT’s growing presence in the enterprise space.
A lightly edited transcript of our conversation follows.
How has your strategy to tackle shadow IT progressed over the years?
Shadow IT emerges due to unmet needs. Similar to water that hits a rock, it will eventually find its way around resistance. Our approach has been to embrace the needs of all the departments within a client’s business through quarterly technology meetings. We have always had the intent to anticipate and fulfill a business’s needs, but in our early days, it was hard to do that while dealing with broken computers, viruses and the level of IT noise present when we did not have command over reducing that noise. Five years ago, we finally got command, and instead of being looked as the “IT guys” that kept their computers clean (the “computer janitors”), we are now looked at as part of our clients’ leadership teams. This allows our clients to reach their objectives faster, more efficiently and safer than ever before.
Why don't customers fully understand the risks of shadow IT? How do you go about educating them on the dangers?
Back to the water analogy, we first create a path for IT needs with all the departments through a technology steering process, which greatly reduces shadow IT since needs get addressed and scheduled. For the few instances, we typically would only hear about them after an issue — in which case, we do an incident report to understand the root cause of an individual going outside of the established technology steering process.
How do you go about securing organizations when facing shadow IT challenges?
We follow a system owner process driven by security standards (ISO27001 / CSC 20) when identified. Basically, it identifies an individual in the department that is fully accountable for the access and regular training of the system (the system can be a software application, client/server on-premise solution or cloud-based solution).
What are the top shadow IT issues facing MSPs today?
Certainly, the top shadow IT issues for MSPs — and really any IT department — are gaining command over reducing noise from IT and having a technology steering process that addresses needs.