Malus Intl Facing Shadow IT Problem, Client Data Breaches Result of Unregulated SaaS Apps

Introduction

Malus international is facing a problem known as shadow IT with its clients. Shadow IT refers to services, systems, software, data, and systems that are beyond the control of central IT. This problem was causing trouble for the company because the clients were complaining of data breaches. What was peculiar about these data breaches was that they came as a result of the employees' uncensored use of software as service applications. The problem had blown out of proportion, and clients were calling in their numbers. The chief executive officer hinted that the research team of the company was working on the way to combine central IT best practices without restricting the innovation and flexibility of end-users (Hall and Krogh 2018, page 1). Shadow IT is a problem that has existed for some time even though some organizations have put strategies to respond to it. The most significant concern is about bringing systems that have not been vetted into the organization. Introducing IT that is not vetted comes with a host of problems to the existing systems. It could lead to security breaches, inefficient use of the IT budget, applications that did not integrate, user-built applications not coded to institutional standards, lack of IT help desk support, duplication of existing applications, and noncompliance with regulatory requirements (Hall and Krogh 2018, page 1). Even with these problems, cases of employees still using unapproved apps within the organization is higher than ever because of the growing digital economy. Thus, companies are finding it challenging to balance between IT oversights and letting employees be flexible and innovative. Therefore, it is to analyze the IT situation of Malus international and give recommendations to remedy the concern. The analysis will focus on the information system, including the people, the processes, and technology.

Is your time best spent reading someone else’s essay? Get a 100% original essay FROM A CERTIFIED WRITER!

Save 25%

Analysis of the Situation

Analyzing the IT situation of the organization will include identifying the underlying causes of the challenges identified, examining the positive aspects of the case, and showing a clear link between business and IT. The most likely cause of this problem is a lack of clear consensus and poor communication of the SaaS policies (Oshri, Kotlarsky and Willcocks 2008, page 289)). Admittedly, many companies are facing this problem, including large enterprises. It may also not be a surprise if it turned out the company does not have any SaaS policies at all. Without these policies, there is no guideline that employees may work within. Also, the fact that everyone uses the non-approved SaaS application in the industry may have inspired the workers to follow suit. Companies themselves have SaaS applications that are not approved by the relevant bodies (Oshri et al. 2008, 289). Studies indicate that seven out of twenty SaaS applications in companies are unapproved. This translates into at least 35% of unapproved applications in the organization. So, it is even authoritative to highlight that the use of these applications is no longer in the shadows.

Most of the time, employees use these applications not because they are rebellious or they want to defy the system but because they want to do their job. As mentioned before, even the organizations themselves are purchasing these applications for usage within the company. The reason could then be that the employees are conversant with this software and are comfortable using them, unlike the other approved ones (Cullen, Seddon, and Willcocks, 2006, page 128). This is also important because it helps them to achieve results in the ways they know best and are comfortable with. Employees recognize how risky it is to use these applications but continue anyway. A study revealed that 15% of employees are aware that IT shadow may expose valuable data to the wrong hands but continue using them anyway. Perhaps they have grown numb to all the warning signs given to them.

On a different note, using SaaS delivery model instead of traditional licensed software may be a good thing for Malus International. Most prominent of these benefits is that it saves the company hefty expenditure on capital investment since the application vendor hosts the software themselves (Cullen et al. 2006, page 128). It means that the vendor is responsible for the investment in infrastructure and its maintenance. As well, the vendor manages the performance of the application, plans capacity, performs upgrades and refresh, tests, and maintains the infrastructure. Even more importantly, the vendor does data recovery backup for SaaS applications. It then means that no resources would be required by both the individual employee and the organization in purchasing these components. SaaS is also available on-demand, thereby making its deployment quick and convenient.

Recommendations

As often seen in many incidences of shadow IT, bad things may happen even if the employee had good intentions. In most of these incidences, however, it is the company that suffers the damages and not the employee. It is for the reason that organizations should start to take IT seriously. Companies need to make the dangers of using non-approved applications by employing some strategies and not just by confrontation. The chief information officer is the one responsible for such aspects of the company and should develop and implement working strategies to protect the organization from shadow IT.

Foremost, the organization must establish SaaS policies that are in alignment with its long-term strategies. In a rush to achieve a sustainable competitive advantage, businesses forget that their most basic responsibility is their customers who must be protected at all costs. Innovation has also brought a broad array of technologies and tools that companies use in their daily operations. At the same time, a company must let employees work in the best way they know but within the acceptable parameters (Chan 2008, page 2). It is why organizations must come up with broad SaaS policies and not just restrictive ones. Restrictive policies always limit the flexibility of employees to the point that they may start finding their jobs tedious and boring. Heavy-handed policies do not usually achieve their purpose and only result in the dimming of the innovative light that characterizes successful organizations.

Protecting the business transparently and comprehensively can also help in eliminating the shadow IT problem and avoiding future issues of the same kind. There are myriad security options available for this purpose which provides proactive protection against malware, thereby securing the company data. The protection tools are also vital in enforcing acceptable usage policies and preventing outbound leakage of critical data. Another strategy is inclusivity rather than exclusivity (Chan 2008, page 2). In this respect, the organization does not have to force its employees to use particular SaaS tools and lock others out. Instead, the company should establish a security solution that makes it safe to use a broad array of available SaaS tools. Some applications are used more than others. It is critical that the organization takes note of these apps and mitigate the risks associated with their usage instead of blocking them from being used by the employees. It is more effective to develop solutions that make it possible for the organization to control the use of such software applications. Most importantly, communication with the key stakeholders in this endeavor is critical. Upon the establishment of policies that balance employee freedom with corporate protection, it is pragmatic to communicate with the employees and business to help in the evaluation of the new strategies before taking effect.

References

Chan, Y.E., 2008. Why haven't we mastered alignment? The importance of the informal organization structure. MIS Quarterly executive, 1(2), p.2.

Cullen, S., Seddon, P.B. and Willcocks, L., 2006. Managing outsourcing: The lifecycle imperative (Vol. 139). London: London School of Economics and Political Science.

Hall, O., & Krogh, E. (2018). Malus Analytics International: Combatting the Menace of Shadow It [Ebook] (1st ed., p. 1). Ontario: Ivey Publishing. Retrieved from https://www.thecasecentre.org/educators/products/view?id=158915

Oshri, I., Kotlarsky, J., & Willcocks, L. (2008). Managing dispersed expertise in IT offshore outsourcing: lessons from Tata Consultancy Services. In Outsourcing Global Services (pp. 288-310). Palgrave Macmillan, London.