Updated: August 20, 2024 (August 1, 2022)

  Analyst Report

Lessons From How Microsoft Manages Internal Shadow IT


1,573 words. Time to read: 8 min

by Michael Cherry

Michael analyzed and wrote about Microsoft's operating systems, including the Windows client OS, as well as compliance and governance.

  • Like most organizations, Microsoft has security and compliance problems created by shadow IT.
  • Rather than shutting down shadow IT, Microsoft tries to set up people and processes to increase engineering maturity and reduce risk.
  • Not all of Microsoft’s approaches work for customers, who, unlike Microsoft, do not own the software and services driving shadow IT.

Many organizations must deal with shadow IT: applications, infrastructure, and services (collectively, "solutions") built or bought by people within the organization independent of corporate governance. Shadow IT solutions frequently do not meet organizational compliance standards, which in turn creates security vulnerabilities or legal exposure. (For a description of what shadow IT is, see the sidebar “Shadow IT”.)

To address this problem internally, Microsoft is putting people and processes in place to increase the engineering maturity of the people who develop shadow IT solutions, so that these solutions are secure and compliant and risk is therefore reduced. But because Microsoft owns and promotes key products and services used to build shadow IT solutions, many of its approaches to addressing shadow IT may not work for other organizations.
