Friday, 16 October 2015

[Shadow IT Research] Exploring the Shadows: IT Governance Approaches to User-Driven Innovation

Article's arguments: What approaches to SIT are available in literature and are implemented by practitioners?

Users at the Napa County government had begun infiltrating their business environment with their personal mobile devices, insisting on using them instead of the provided infrastructure => how the roles of users and IT are changing in today’s world of ubiquitous computing

Shadow IT Solutions (SIT) pose a major financial, legal and reputational threat to organisations as they are not verified to comply with any of the organisation’s information security or architectural policies.

Other proposed research questions:

1. What ISsec measures are suggested and applied to mitigate the risk of well-intended user non-compliance (user-driven IT solutions)?
2. What are the key factors that cause Business-IT-misalignment and encourage user-driven IT solutions?
3. What ITG mechanisms are suggested and applied to identify and harness the potential of user-driven IT solutions?

Non-compliance of users with ISsec policies, often referred to as “insider threat”, is identified as one of the top ISsec threats in organisations. Therefore non-compliant user-driven innovations – SIT – pose a security threat in organizations.

We chose to address situations where SIT is implemented intentionally to support a business process (low-grade) and not to maliciously inflict (high-grade) economic damage.

Behrens (2009) suggests that SIT solutions operate in the fringes of organisations filling a gap between the requirements of the users and the solutions provided by the IT department.

Poor BITA is caused by either the lack of IT capabilities or the lack of adaptability of business processes or the involved employees. Both cases encourage the development of SIT.

As user-driven IT innovations are an indicator of poor alignment and at the same time offer an operational solution, SIT may offer multiple opportunities for ITG practitioners to improve alignment.

Reasons for short-term misalignment are the detachment of IT and business employees: 
  • Lack of communication
  • Decreased responsiveness invisibility of the IT staff
  • Missing shared knowledge

Decentralised IT units have the ability to cater closer to the user needs while a centralised unit has greater potential to achieve economies of scope.

Communication has the highest importance. Our IT coordinators are our eyes and ears in every business unit, so we can respond to new business needs quickly.

To achieve this, organisations “have a dedicated budget to integrate user-driven solutions (scripts), which become business-critical” 


Empowers users to secure their own working environment and focuses on protecting the centralised infrastructure and services according to web standards => empowerment requires high user IT skills, an aware and responsible mind-set, and high security set-up costs for infrastructure and services => this may only be feasible for small organisations

The user-oriented approach combines the advantages of the IT-control and the user-driven approach by applying them differently throughout their portfolio: “While transparency is my highest priority, I do believe that a healthy extent of SIT is essential to offer flexibility and space for new ideas and innovation.”

We conclude that the user-oriented approach can be adapted to balance efficient operation and the effective use of IT through user-driven innovation within defined boundaries. However, the level of freedom differs within the interviewed organizations. To apply this approach, a thorough risk assessment (Benaroch et al., 2006) is suggested beforehand to define the boundaries of user innovation.

The most commonly cited risks were:
  • Data security and compliance
  • Efficiency and synergy losses
  • Lacking continuity and the disruption of a controlled environment

Practitioners' approach to SIT depends on their strategic orientation. Approaches can be divided into three groups:
  • IT-control
  • User-oriented
  • User-driven

Comments:

=> Research question can be: How to use Shadow IT as multiple opportunities for ITG practitioners to improve ITB alignment in large companies?

=> How can small businesses approach Shadow IT as a source of innovation?

=> How to make Shadow IT a valuable input for organizational/IT strategy?

=> How to recognize user-driven IT innovations using Shadow IT?

Bibliography:
Györy, Andreas, et al. "Exploring the Shadows: IT Governance Approaches to User-Driven Innovation." ECIS. 2012.
