Comment by atoav
9 days ago
As someone who has worked in IT support: The problem is that people using that shadow IT will come running when they produce real tangible damage, because they lose data or some totally ridculous workflow stops working and you now have to reverse engineer some undocumented database format to extract at least the most urgent data. I am not a fan of IT GESTAPO, and everything should be measured, butbif I learned one thing it is that people will do the dumbest, riskiest shit if left tontheir own devices.
Also: if you work with certain customer data a good way to not only loose your job, but a ton of money would be to e.g. put that data into your shadow IT that might be running on some servers somewhere. E.g. people constantly asked us to use Zoom "because it is free and works", but we were in the public sector and a contract with them that guaruantueed the privacy of our clients would have costed a significant fraction of our yearly IT budget — and we are required by law to have such a contract.
When you then ask those people if they want to part with that money suddenly nobody is so adamant anymore.
This is true. I suspect that a lot of these massive breaches, was because some less-technical person loaded the customer data onto an unsecured AWS instance, while they were running measurements on it.