Edinburgh City Council is to create a register of shadow IT systems that have been purchased by various departments without appropriate controls or oversight.
The city council’s governance, risk and best value committee identified a series of risks around ‘fragmented’ systems that are in use across different departments without the knowledge of the IT department. They are typically externally hosted by a third-party supplier, and usually cloud-based.
Shadow IT can also include software or hardware such as laptops, smartphones, and scanners that can be connected to an organisation’s network.
Across the council, shadow IT includes technology systems used by directorates and divisions that are not hosted on either the Council’s Corporate or Learning and Teaching networks, or not supported and maintained by Customer and Digital Services and CGI, the Council’s technology partner.
The report said: “Significant control weaknesses were identified in both the adequacy of design and operating effectiveness of the key controls established across the Council to manage the security, information, and resilience risks associated with ongoing use of shadow IT and end user computing applications to support delivery of Council services. Consequently, two High rated findings have been raised.
“The first finding highlights the need to refresh the Council’s digital strategy for both the Corporate and Learning and Teaching networks to provide a clear strategic direction for future use and alignment of technology systems across the Council that includes consideration of use of both shadow IT and end user computing applications following assessment of their associated advantages and risks.
“This finding also confirms that there is no current register of shadow IT and end user computing applications used across the Council and notes that Directorates and Divisions are currently procuring shadow IT applications on their own with limited oversight by or engagement with either Commercial and Procurement Services or Digital Services to confirm that all relevant risks have been considered either prior to purchase or in advance of contract extensions through a waiver of the Council’s Contract Standing Orders.”
The report added that the established Digital Service and CGI enterprise architecture governance forum is “limited in its ability to effectively ensure that the Council’s current and future technology architecture is optimised; efficient; provides best value; and remains aligned with the Council’s digital strategy and technology risk appetite”.
As a result, the council has agreed to update its digital strategy – first conceived in 2016 – this year, with a version that “includes consideration of future use of both networked and cloud-based systems solutions that are aligned with the Council’s strategic and service delivery objectives and applicable security and compliance requirements.”
A separate cloud strategy will also be prepared as part of the overarching digital strategy, outlining the opportunities and risks associated with ongoing and future use of cloud-based shadow IT systems.
In addition, a council-wide register of shadow IT and end user computing applications will be developed and centrally maintained by Commercial and Procurement Services (CPS).