
A recent audit of contracts and digital assets has uncovered the use of Shadow IT by several operating units that have contracted with cloud-services providers and web hosting companies to provide customer-facing services. Everyone agrees that these services must be provided, but there is disagreement as to who should control the implementation and deployment of those services. You have been asked to write an opinion piece for an internal management newsletter covering the security issues and potential solutions for the problem of these uncontrolled IT capabilities.

Write your response in the form of an opening statement for a debate. Pick one of the two positions below and construct a 3 to 5 paragraph argument for your position. Include information from the System and Services Acquisition (SA) family of security controls. Your argument will be strengthened by the use of authoritative sources and examples — this means you need to cite your sources and provide a list of references at the end of your posting.

Shadow IT should be banned by the Council of Managers.

Shadow IT should be allowed subject to review of security controls by the Director of IT Security Services.

Remember to submit your discussion response to the Turn It In for Discussions assignment folder. See the forum instructions for more information.

For your critiques, focus on providing suggestions for strengthening the original poster’s debate statement. Include at least 3 examples and/or content suggestions supported by your own readings (include citations and references for authoritative sources). For full credit, a total of two critiques and two additional responses or follow-up postings are required in addition to your main posting.


Sample Answer

Opening Statement: Shadow IT – Controlled Innovation, Not Uncontrolled Chaos

The motion before us is clear: Shadow IT should be allowed, subject to review of security controls by the Director of IT Security Services. While the impulse to ban Shadow IT is understandable, driven by a desire for control and risk mitigation, a blanket prohibition is not only unrealistic but also counterproductive. It stifles innovation, ignores legitimate business needs, and ultimately drives Shadow IT further underground, making it even harder to manage. Instead, we must embrace a model of controlled innovation, where business units can leverage the agility and specialized services of cloud providers, but within a framework of robust security oversight.


The reality is that business units often turn to Shadow IT to address critical needs that traditional IT cannot meet quickly enough. They might require specialized software, cloud-based collaboration tools, or web hosting for customer-facing applications. A rigid ban will not eliminate these needs; it will simply force them into the shadows, where they become a greater security risk. Uncontrolled Shadow IT, operating outside the purview of IT Security, creates significant vulnerabilities. Data breaches, compliance violations, and system incompatibilities become far more likely when services are implemented without proper security assessments, vulnerability scanning, or penetration testing, as called for in the SA family of security controls (NIST, 2018). Specifically, SA-4 (Information in Shared Resources) highlights the importance of managing information in shared resources, something often neglected in Shadow IT deployments. Without oversight, sensitive data can be stored in insecure cloud environments, accessed by unauthorized individuals, or even lost entirely.

Our approach must shift from prohibition to proactive management. By allowing Shadow IT subject to review, we bring these rogue deployments into the light. The Director of IT Security Services can establish a clear process for business units to request approval for external services. This process would include a thorough review of proposed security controls, ensuring compliance with organizational policies and industry best practices. This review would cover areas like data encryption, access controls, vulnerability management, and incident response planning, directly addressing the requirements outlined in SA-5 (System Access Control) and SA-11 (Information System Integrity) (NIST, 2018). Furthermore, this process allows the IT department to use its expertise to guide the business units in selecting secure and compliant solutions, rather than simply reacting to unauthorized deployments.

This approach offers a win-win scenario. Business units gain the agility and flexibility they need to respond to market demands, while the organization maintains control over its security posture. We empower innovation while mitigating risk. By embracing controlled innovation, we transform Shadow IT from a threat into a valuable asset, driving business growth while ensuring the security and integrity of our systems and data. This is not about giving a free pass to uncontrolled deployments; it’s about establishing a framework for responsible and secure adoption of external services. It’s about moving from a culture of “no” to a culture of “yes, but securely.”
