How to empower your team to curate their own tech stacks while mitigating risk

By Dave Gordon

 

Back in the “old days,” your company provided all the tech used by your employees. There was no such thing as a self-directed search for tools, and no possibility of installing and using software without approval. Many members of your IT department might look back on those days with nostalgia because that was when they had full control over your company’s tech stack.

In today’s climate of self-service SaaS, bring your own device (BYOD), and plug-and-play tech culture, your employees are tech natives who curate their own tech stacks. They see no reason to wait through a long consultation and approval process when they can set up a free trial and get started on a new tool immediately. They are used to finding their own tools, using their favourite tablets, and deciding which apps work best for them, so you probably shouldn’t even try to confine them to a limited list of approved technologies.

Reports show that 46 per cent of employees have introduced new tech into their organizations, and 53 per cent resist policies to allow IT to control the tech they use. (Report requires registration).

You want your workers to be able to act independently to find the best tools that match their workflows and preferences. You don’t want to cramp their style, and you do want to create a can-do, supportive company culture. But when it comes to matters like security, budget efficiency, inter-departmental collaborations and regulatory compliance, self-service tech adoption can become a nightmare.

The risks of an out-of-control tech stack

Self-curated tech stacks may sound idyllic, but they bring numerous risks along with them. At its most basic, this approach is inefficient. Self-managed tech stacks are fertile ground for collaboration silos. There’s no way to know if one person’s creation and collaboration software can “play nicely” with that of the next team member until they are stuck in a project, unable to work on the same document, and someone is forced to transfer all their assets to a different app.

Far more serious is the cybersecurity threat of shadow IT. When your security team doesn’t know what software and hardware are in use around the company, they can’t know what vulnerabilities they need to address, creating the perfect conditions for a data breach. An estimated 69 per cent of companies have experienced breaches caused by employee data security negligence, and it’s the most common cause of breaches overall.

An out-of-control tech stack raises the risk of compliance breaches and other security incidents. With data safety regulations multiplying around the globe, setting a single foot wrong in terms of user confidentiality and data protection can be extremely expensive.

Related:

Why desktop virtualization is a tool, not a strategy for taking on BYOD

Additionally, you’re almost guaranteed to lose money if you have no central oversight into tech stacks. After all, you have no way of knowing whether you’re paying for double licenses for the same app, supporting overlapping tools that do the same job or still paying for apps that no one is using anymore. In enterprises, approximately 38 per cent of software licenses go unused, due to inefficient software management practices, blind spots, and incomplete offboarding processes.

Leaving employees to curate their own tech stacks without oversight or regulation is a recipe for disaster. But there are ways to balance your employees’ demand for autonomy with your need for visibility and control.

Make most people happy, most of the time

It’s a given that you can’t keep everyone happy all the time, but with a combination of new tech and old-school education, you can keep your employees and your IT and security team members happy most of the time.

Here are some tips from relevant experts.

1. Educate and empower employees to take responsibility for business security

A security-first culture trains employees to take collective responsibility for company-wide security.

“The key to a robust security program is not technology, it’s not process – it’s people,” Rod Aday, chief information security officer for Dexia Credit Local, recently wrote in an essay for LinkedIn. “We can no longer afford to simply look for an online training solution, roll out a security awareness course and consider our job done in this area.”

It’s vital to educate your employees about the risks of new tools, teach them how to check for data protection compliance before signing up to a new tool, and guide them to choose strong passwords every time.

2. Map and remap your tech stack

Instead of trying to stop shadow IT from existing, use tools that allow you to shorten the time it takes you to discover new tech solutions being used in your company, and automate processes that need to happen following discovery.

“IT executives can either keep chasing after line-of-business software users, blocking them from adopting new technologies and slowing down the organization,” Torii chief executive officer for Uri Haramati told TechBullion.“Or they can empower better decision making around technology, encouraging the organization to adopt the best SaaS solutions while managing governance issues related to these tools in the background.”

What’s more, once you have this level of visibility, you’ll be in far better position to monitor software updates for vulnerabilities, stay on top of renewal dates to cancel or renegotiate contracts in time, and quickly discover new sign-ons so you can cut off apps that are unsafe or don’t integrate well into your system.

3. Make it fast and easy to request authorization for a new tool

Employee education goes hand in hand with simple processes. If your authorization process is too difficult and the wait for approval is too long, employees will silently bypass your oversight system.

They should be able to request to add a new app within just a few clicks, and the team members using your system should grant or refuse permission as close to instantly as possible.

“The need for better employee experience, from an IT service and support perspective, is something that’s increasingly being recognized by IT departments around the world,” noted SysAid CEO Sarah Lahav as part of her predictions for 2020. Indeed, “the role of IT – while still very much about value creation – also needs to have a laser focus on improving employee productivity through better service and support provision.”

Have your tech stack cake, and eat it too

Enterprises have to walk a fine line between granting employees’ autonomy over their own tech stacks and maintaining control and visibility into a murky environment. Without any oversight, you’ll quickly face the dangers of unseen security wormholes and data breaches, alongside collaboration silos and out-of-control tech spending.

In contrast, the right education programs and oversight systems enable you to map out tech stacks and minimize lag time on reactive intervention, without cramping your employees’ style.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Story

How the CTO can Maintain Cloud Momentum Across the Enterprise

Embracing cloud is easy for some individuals. But embedding widespread cloud adoption at the enterprise level is...

Related Tech News

Get ITBusiness Delivered

Our experienced team of journalists brings you engaging content targeted to IT professionals and line-of-business executives delivered directly to your inbox.

Featured Tech Jobs