Experts say to start with the following

relemedf5w023 · Post by **relemedf5w023** » Mon Feb 10, 2025 6:04 am

Once you discover assets hidden in shadow IT, resist the temptation to shut down the whole thing.

“There’s one thing that IT should not do, and that’s to lock it all down. That typically has two consequences. One, it stifles innovation and creativity. Two, it makes shadow IT go even further into the shadows,” says Andy Myers, director of enterprise agility at consultancy ISG.

Using Shadow IT for Business Success
Once shadow IT assets have been identified, it's time to look for ways to use them for the benefit of the company as a whole.

Check for unused licenses and duplicate applications. Don’t be surprised to find multiple duplicate applications used by different employees who can’t easily share information or collaborate in the digital workplace, warns Haramati. “This also means that IT has to maintain redundant applications. Additionally, many shadow IT licenses are canada mobile database or underused, and subscriptions are often renewed without the knowledge of the application owner or IT,” he says.
Double-check apps that may still be lurking in the shadows. Fortunately, there are tools to help you with this task. “By looking at data in an identity provider like Google Workspace, you can identify OAuth grants used to sign in to third-party apps. There are other sources, too, like DNS logs or accounting software like corporate credit card software,” says Trauner.
Establish ongoing governance. To avoid trouble, be proactive and attentive. “You can establish an ongoing governance process so that all apps go through a security review, and apps that exceed a certain spending threshold are assessed against what’s already in your SaaS system,” says Christopher.
Encourage security to be more developer-friendly. Security protocols and attitudes toward them are the most commonly cited things that developers and users are trying to avoid when using shadow IT. This will continue unless compliance with security is made significantly easier. “A ‘you wrote bad code’ attitude is not going to win hearts or minds,” says Vikram Kunchala, principal and head of the cyber cloud practice at Deloitte Risk & Financial Advisory.