What to do about users self provisioning services?

IT is a service department.

IT is more often that not a service department. Users come to us asking for some new requirement and we design a solution that provides a service to meet that requirement.

That has been the model so far anyway. But with more and more web applications every day it’s quickly becoming the case that users go off on the Internet and find there own solutions.

In one way that’s a very interesting new behaviour, but for a company and for the IT department it can mean no end of nightmares regarding data protection and security, with data leaving the building left, right and centre with no accountability and no way to access this information after individuals leave the institution.

What can we do about this ever increasing phenomenon?

I think it would make the IT department to seem like miserable control freaks to try and prevent the use of extra-institutional resources, but something does need to be done.

So it seems that this is something that would maybe benefit from policy being put in place by upper management or offering extra-institutional advocated services.
For example SlideRocket’s website can be signed into using a Google account, and so if your institution uses GMail for email, you still retain control of the account access within the institution.

I’m not sure whether carrot or stick or a combination is best here. But the debate needs to be had and the questions need to be raised, and perhaps more importantly, and key, upper management should be made aware of the risks of data leaving the organisation in this way.

Leave a Reply