Six tips for taming Shadow IT

Find what’s there

Discover what shadow cloud services are being used in the organization, then categorize them according to risk: Those that should be banned or restricted, those that are often used by the organization and can continue if they pose no risk, and those that are sanctioned.

Establish trust

Build an atmosphere of trust in which both business and IT embrace change, where business asks for advice and IT is the advisor and orchestrator. Business strategy should be aligned to a cloud adoption strategy, one that isn’t based on saving money alone. IT should work with departments to understand functional requirements, business processes and architectures that make sense.

Face compliance 

Both side needs to understand that all IT solutions need to meet legal, contractual, regulatory and sector-based standards. Intelligent vendor management practices may help mitigate risk. Also, when choosing solutions for sensitive data, it’s very important to find providers that commit to service level agreements

Lock it down

Business also has to understand IT has the knowledge to deal with data lifecycle management issues that cloud providers may skip over, as well as security issues such as access, encryption and key management, incident response continuity and data recovery.

Keep an eye on it

You can’t let staff adopt cloud solutions and forget about them. Cloud service providers have to be managed and monitored. Consider monitoring capabilities and incident escalation processes that will give the organization real time insight into business case gaps or conflicts, security issues and other service metrics.

Orchestrate

To avoid shadow cloud being isolated, develop an IT architectural vision that allows efficient access management and service interoperability to enable an integrated cloud. Service orchestration may help improve realizethe benefits by enabling a more integrated set of IT processes across a varied set of cloud solutions.