INTERVIEW Alastair Pooley - Snow Software
“The use of cloud and SaaS means that IT decisions are being decentralised. This has, in the past been
described as ‘shadow IT,’ and this expansion of technology has become the new normal. “
Enabling IT
Transformation
Alastair Pooley, CIO - Snow Software
Fast-paced change in technology means that IT has to transition from being centrally controlled and locked
down to an enabling force for change. Alastair Pooley, Chief Information Offi cer atSnow Software, explain his
views on how to achieve this to Comms Business
Comms Business Magazine
(CBM): The temptation to
lock down the IT estate
is understandable, but
workers want to access the
applications they want . How
do you reconcile this without
putting the organisation at
risk?
Alastair Pooley (AP): Workers
may have very de ned views
about technology they wish to
use, and this can put them at
odds with IT and even the best
interests of their organisation.
According to a recent survey
of global workers, 41% of
employees will avoid involving
IT when seeking to access
professional software and
applications that they feel are
essential to doing their job.
e use of cloud and SaaS
means that IT decisions are
being decentralised. is has,
in the past been described as
‘shadow IT,’ and this expansion
of technology has become
the new normal. Whilst this
is a good thing, with any
systemic transfer of power, an
organisation’s IT infrastructure
can quickly descend into
chaos if employees, IT teams
and decision-makers don’t
collaborate.
It is of course possible
that cloud-based applications
may expose an organisation’s
corporate network and sensitive
data to risk. IT professionals
must nd ways of working
which are seen to be supportive
to workers and their preferences.
CBM: So who are the main
culprits in an enterprise?
AP: Whilst it would be tempting
to believe that it is sta who do
not understand the potential
problems and who opens the
organisation to risk, in fact
managers are almost twice
as likely as other sta to use
unauthorised professional
or personal software or
applications.
Whilst almost all executives
acknowledge that such behaviour
causes issues for the business,
more than half surveyed own up
to avoiding IT when accessing
professional software and apps.
When faced with such risky
technology behaviour, visibility
and understanding of the scope
of the problem is a critical step
towards identifying a solution.
CBM: How would you
recommend bringing the
workforce with you?
AP: Di erent generations
have di erent expectations of
technology. Younger workers
are more likely to be adept at
incorporating technology into
their personal and professional
lives than previous generations.
is generation naturally
expects workplace technologies
to mirror the technologies they
use in their educational and
personal experiences. ese
‘digital natives’ are moving into
leadership positions (and more
importantly, buying decision
roles) and are more hesitant
about involving IT in decisions
about the use software in the
workplace.
A ‘can do’ attitude will
encourage workers to continue
to involve IT departments
thus ensuring that expertise
from IT when it comes to
security, compliance and cost
management is available. To help
manage employee behaviour and
encourage proper device usage,
best practice would be to rely
on a combination of approaches
including:
1. Introduce and/or maintain
security awareness education.
Find innovative ways to
communicate risks with your
workforce such as browser
hijacking, ransomware and
malicious software downloads.
is helps to educate sta on
what is appropriate and what
crosses the line. It’s important
to make this training tangible
and fun. Do avoid hours of
compliance style videos.
2. Gain visibility into
the organisation’s IT
estate. It is important
that you understand
what employees
actually use day-today
and week-to-week
day in order to spot
both unauthorized
usage and software
installed on end-user
devices. If there
is an unapproved
tool which is being
widely used across
an organisation, it
may be worth the IT team
considering investing in the
tool or investigating and
providing an authorized
alternative.
3. Implement active controls.
rough the use of
unauthorized or unapproved
technology, employees can
create security issues for an
organisation. It is therefore
critical that security remains
strong. Review your active
controls at the network
perimeter or with anti-virus
vendors to try and prevent
malicious downloads or
employees visiting known
piracy sites.
It is clear that our relationship
with work and technology has
changed. As the guardians of
both the security and reliability
of their organisation’s technology,
IT must nd a balance between
empowering a new, more
demanding workforce whilst
safeguarding t the he business.
Alastair Pooley, Chief Information
O cer atSnowSoftware
56 | Comms Business Magazine | November 2019 www.commsbusiness.co.uk
/www.commsbusiness.co.uk