Compliance and Security are never ending cycles. Every organization must continually
· evaluate Security Threats and Compliance Needs,
· develop appropriate responses (sufficient and cost effective), and
· implement the responses, whether through acquisitions or internal efforts.
Let's be honest - supporting this cycle is almost always some combination of both acquisition and effort.
With the daily continuing demands of keeping the business going is there sufficient reserve band width for this?
Probably not - maybe cost-effective assistance is what you need.
Riding herd on all the projects an organization has going is enough to keep most responsible people burning the midnight oil. Not only are there long hours and their consequences, but are other needs, especially operational support, being neglected? Maybe an assistant to offload some of the project oversight/management load is needed.
Many organizations have software development capability that focuses on operational needs. What happens to support needs - they are often ignored or at least delayed. This often results in less than optimum efforts within the overall organization to meet the needs, including Shadow IT efforts. While well meaning, Shadow IT efforts have historically caused unforeseen problems, e.g. operational over sites like backup and continuity, and Security and Compliance concerns.
One way of reducing Shadow IT impact is to provide the organization with "out of band" resources to assist with the needs.