How to turn shadow IT into a culture of grassroots innovation – Help Net Security
How to turn shadow IT into a culture of grassroots innovation The proliferation of generative AI tools has been compared to the dawn of the internet, the spread of smartphones and laptops, and the mass transition to cloud computing. All these advancements make it easier for individuals to adopt technology into their personal and professional lives. When employees start using tools that their employer hasn’t approved, it’s called “shadow IT.” Why the ominous phrase? Because to operate securely and abide by legal requirements, organizations need to know where the data goes. You can’t secure sensitive information without knowing which apps employees are using and how. Total, centralized IT control is no longer practical now that hybrid work and BYOD are here to stay. Also, restricting employees’ ability to experiment with new technology like generative AI tools can be just as risky as granting them too much freedom to experiment. When users look for new ways to get work done, the solutions they find can be the seeds of innovation and the key to unleashing productivity and efficiency. By fostering trust and the right regulation processes between your IT team and the rest of your organization, people will feel more empowered to find solutions that work for them – and potentially the company at large – with fewer governance and security issues. Here’s how you can turn shadow IT into a culture of grassroots innovation. First, understand why shadow IT happens Employees can get frustrated by a workflow bottleneck. According to our research, 62% of respondents said their company is not investing enough in the tools needed to address common project management challenges. Or they stumbled upon a solution that helped them visualize their work differently. With the ease of access to AI-powered tools, anyone can seek out guidance on how to work more efficiently or comfortably. Instead of treating all independent technology adoption as a threat, consider why employees chose a particular solution. What problem is it solving? Why do they feel this solution is the right fit? The answer could help you diagnose issues with the systems you already have in place, and you can decide on the best course of action to help secure the work and protect critical data. We’ve found that sometimes, new tools like those based on generative AI get introduced to organizations as a part of shadow IT. One team gets a license, the solution spreads, and the IT team steps in. The CIO or CISO responsible for data security typically doesn’t always want to take away access to the tool if their teams are getting value out of it. Building partnerships with the companies behind the tools is key to enabling innovation while keeping data safe and governable. When employees and teams look for capabilities and solutions that ease challenges and enable their work, that’s a good thing. It’s a form of innovation that can help push your organization forward. Unlocking individual productivity is a great thing for the whole company. Set clear guardrails Balancing innovation with IT control remains necessary. Cybersecurity, including privacy and data protection, is considered the top business risk by corporate leaders. Your organization’s risk tolerance will depend on its culture, customers, and industry. Many aspects of security will be non-negotiable, but many can be solved by listening to users and evolving how you use platforms and services. One of the main risks associated with shadow IT is being blind to where company data lives. Without control, you can’t apply consistent policies. Let teams know why security processes are necessary and which standards any platform or tool must meet. Work to understand the business purpose of the adoption so you can help them find an alternative if their initial choice doesn’t meet those standards. The goal is to help users make intelligent security decisions – or help them behave securely by default – while enabling them to take advantage of technology that enhances their work. For example, by adopting a single sign-on solution with multi-factor authentication, you can solve access issues and give people a wider choice of apps and services while maintaining centralized visibility. Foster an innovative and trusting culture If employees find a way to make their work easier, more work will get done. If employees find a solution that improves their work but experience the IT department and its security policies as an immovable wall, frustration is inevitable. Viewing security as an enabler of work rather than a barrier can lead to new operational efficiencies and fruitful partnerships. Prioritizing agility and innovation frees employees to push the boundaries of their work. Through a trusting and communicative culture, you can empower people to be more efficient and engaged without losing control of governance and security. Much of this comes down to how you respond. When you foster transparent communication and demonstrate that you value users’ perspectives, the relationship can be one of collaboration rather than control. People start to see IT as a partner and become more open to guidance. Ideally, they might actively seek your advice when they find an interesting new solution or encounter a gap in existing capabilities. Fostering an innovative and trusting culture plays a huge role in bringing shadow IT into the light. Unleash the grassroots innovation When users in your organization look for new ways to get work done, they unlock innovation. Adopting new capabilities is often the beginning of essential progress and productivity. Innovation always brings an element of risk to evaluate and manage based on your organization’s goals. You can maximize this grassroots innovation while ensuring ongoing security by striking the right balance between control and trust.