A recent audit of contracts and digital assets has uncovered the use of Shadow IT by several operating units that have contracted with cloud-services providers and web hosting companies to provide customer facing services. Everyone agrees that these services must be provided but, there is disagreement as to who should control the implementation and deployment of those services. You have been asked to write an opinion piece for an internal management newsletter covering the security issues and potential solutions for the problem of these uncontrolled IT capabilities.

Write your response in the form of an opening statement for a debate. Pick one of the two positions below and construct a 3 to 5 paragraph argument for your position. Include information from the System and Services Acquisition (SA) family of security controls. Your argument will be strengthened by the use of authoritative sources and examples — this means you need to cite your sources and provide a list of references at the end of your posting.

1. Position #1 — Shadow IT should be banned by the Council of Managers.
2. Position #2 — Shadow IT should be allowed subject to review of security controls by the Director of IT Security Services.

Remember to submit your discussion response to the Turn It In for Discussions assignment folder. See the forum instructions for more information.

For your critiques, focus on providing suggestions for strengthening the original poster's debate statement. Include at least 3 examples and/or content suggestions supported by your own readings (include citations and references for authoritative sources). For full credit, a total of two critiques and two additional responses or follow-up postings are required in addition to your main posting.