How to Manage Cloud Apps
Associations NowUsing teamwork, transparency, and increased communication, associations can give employees access to apps without worrying about the security risks that come along with it.
Employees are increasingly taking software selection at the office into their own hands: According to a 2016 study by Cisco, organizations on average use a whopping 1,120 cloud-based applications, a 70 percent spike from the prior year. And only one needs a security issue to cause problems for an association. Earlier this year, Dropbox, one of the more prominent file-sharing cloud apps, reported that data of 68 million users was hacked in 2012.
Stories like those can prevent CIOs from sleeping easy. But Prabhash Shrestha, CAE, vice president of technology at the American Gastroenterological Association, prescribes calm through increased communication.
Upon his arrival at AGA in 2014, he assembled a “tech team” of 18 senior staff members to discuss technology issues at the organization, and so-called shadow IT is often at the top of the agenda.
We look at the greater benefit of having software that everyone uses.—Prabhash Shrestha, CAE, American Gastroenterological Association
The meetings are opportunities for departments to discuss apps that staffers find useful and apply a vetting process for approving them. “We have a quick vendor selection matrix where we focus on security as one of the primary things,” Shrestha says. “[We look at] the data security [of the software], the data quality plan. How will they adhere to that?”
The process is designed to get apps approved quickly, and Shrestha says IT departments should serve more as a connector than a roadblock. The benefit of AGA’s cross-departmental meetings is to identify apps that can increase efficiency for multiple groups.
“We look at the greater benefit of having software that everyone uses,” he says. “Rather than having our content and documents in 15 places, because we came together as part of the vetting process we now have all the content under one umbrella. The users become part of whatever system we select, whether it’s Google Docs or something else.”
But Shrestha points out that getting those people in the same room in the first place requires explaining the bottom-line and security benefits of collaboration. That may demand that IT leaders craft a new vision of what they do.
“We have to treat the technology department not as a laptop-changing department or keyboard-changing department but as a business unit,” he says. “How can a technology department do a good job in enhancing infrastructure? Enhancing business processes? Creating new revenue? [Providing] help in implementing new products, new line of services, new line of resources? If other department VPs can see that and can believe that a leader can come in IT and help with that, selling an idea of a tech team becomes extremely easy.”
[This article was originally published in the Associations Now print edition, titled "Out of the Shadows."]