VA combatting shadow IT by having options ‘readily available’

Agencies can avoid unmanaged shadow IT creeping into their operations by offering customers a bevy of easy-to-use options, says Dominic Cussatt, the Department of Veteran’s Affairs’ principal deputy chief information officer.

“You have to give your customers options. If they don’t feel like they’re getting serviced properly from the central IT function, they’ll go find their own way. Because they’ve got a mission to execute,” Cussatt said Thursday during the Data Cloud Summit produced by FedScoop.

Shadow IT refers to the use of non-approved software or systems, which can open up huge security risks.

In 2017, FedScoop conducted a survey that found a majority of federal IT personnel use shadow IT to perform their jobs because government-issued devices often don’t support the applications they need. And according to Cussatt’s experience at the VA, that seems to still ring true.

Cussatt said the VA is reorienting its development and operations approach around portfolios of services that customers can then shop from. The idea is that these portfolios are ready to deploy, checked out from a security standpoint and with buys already in place.

“That ease of access helps them and helps them avoid seeking other options,” he said.

The VA is also utilizing a Systems-as-a-Service platform as a solution to shadow IT.
Customers can access and shop for things like a customer relationship management tool or call center option and then use their own funds to access it. Even though it’s an outsourced service, the VA will have already checked it for security and interoperability.