Mitratech ClusterSeven Shadow IT Manager

ClusterSeven Shadow IT Manager is an End User Computing (EUC) governance and Model Risk Management (MRM) product that, as its name suggests, aims to address the issue of shadow IT (which is to say, important business computing assets, such as spreadsheets, that are not centrally managed or governed) which looms large over many businesses, whether they know it or not.

To wit, Mitratech estimates that the average enterprise contains 4-10 times as many shadow IT applications (including such things as spreadsheets) as corporate-managed apps. This is a problem, since (among other things) it is very easy for ungoverned applications and assets to unduly expose sensitive information, undermining any holistic attempt at governance or regulatory compliance. Hence, ClusterSeven helps you to find, understand, manage and monitor EUC apps and assets that currently reside under the banner of shadow IT. In this way, the transparency and control it provides enables you to demonstrate compliance with various applicable regulatory standards. Centralised, automated reporting is also available to ensure that these controls are provably consistent across your entire enterprise.

Moreover, an important, but often poorly grasped, part of modern regulatory compliance is the need to understand the relationships between your assets that are already centrally governed and monitored on the one hand, and your assets that remain in the wild on the other. Understanding these relationships requires robust data lineage, which ClusterSeven provides.

ClusterSeven is underpinned by enterprise-grade workflow automation that forms a standalone solution in its own right. Its APIs mean it can also be deployed alongside the rest of Mitratech’s broad-reaching, enterprise-ready GRC product suite, or pass EUC information to other GRC or data management solutions. Other relevant Mitratech products include, among other things, PolicyHub, for automated and easy-to-use policy management, and Alyne, a cloud-native, AI-enabled GRC platform.

Customer Quotes

“IMS is an extremely powerful tool that has enabled us to gather information in a standardised way and attribute ownership of each spreadsheet and EUC to designated individuals. Ownership of EUCs is instrumental to achieving a controlled environment.”
Rabobank

“ClusterSeven has has highlighted the challenge of manually managing spreadsheets, but more crucially brought to light the risk that poor control of change management can be to the Bank’s risk and finance functions.”
SMBC

ClusterSeven adopts a “lifecycle” approach to delivering EUC governance and MRM in a continuous and ongoing fashion. The stages of this lifecycle are shown in Figure 1 alongside ClusterSeven’s MRM capabilities with respect to each of them. Auditing is also available at every stage. To address the needs of this lifecycle, ClusterSeven provides capabilities in four main areas: discovery, inventory management, active monitoring, and reporting.

Figure 1 – ClusterSeven’s MRM capabilities for each stage of the model lifecycle

For discovery, the product enables you to identify EUC assets via a discovery scan. What exactly constitutes an EUC asset is decided by user-defined rules, allowing you to set your own criteria for what qualifies. After identifying an ungoverned asset, you can perform a risk assessment (again, based on a user-defined set of rules, created using a Q&A wizard) and/or a technical analysis on it. This asset can then be registered in the ClusterSeven Inventory Management System (IMS), a central hub for the inventory of EUC assets and models, and you can (optionally) select key EUC assets for continuous control by registering them for active monitoring. In either case, the aforementioned risk assessment and technical analysis are carried forward.

Figure 2 – Model Risk Inventory in ClusterSeven

Inventory management is accomplished via IMS, and features a full audit trail, guaranteed data integrity, and the aforementioned risk assessment and technical analysis. It also stores the relationships between any given asset and your other models and/or EUCs.

Active monitoring features change management for Excel (via Enterprise Spreadsheet Manager, or ESM), script-based EUC assets (via Text Script Manager, or TSM), and Access databases (via Access Database Manager, or ADM), and allows you to monitor both structural and content changes, while the product’s reporting capability provides detailed, aggregated EUC and MRM data. It is highly configurable, allowing, for example, for your reports to be closely aligned with your policy requirements. It includes (again, configurable) workflows with an optional reviewal/approval component for document changes. It can integrate with and export to other GRC systems and business intelligence tools, and includes various visualisations.

ClusterSeven is a mature, justifiably well-regarded product that works well alongside the broader Mitratech suite of GRC solutions. This is a significant advantage that benefits both Mitratech as a GRC platform and ClusterSeven as an EUC governance solution. In particular, ClusterSeven was already a comprehensive solution before being integrated into the Mitratech family; now, this is even more true. At the same time, ClusterSeven is particularly notable for its enterprise-grade workflow functionality, which can now be used across the Mitratech product line. This means it can be used to create workflows that run end-to-end across your entire (Mitratech) GRC solution.

We also appreciate the evident focus ClusterSeven puts on configurability and adapting to the needs of the user, which is felt throughout the product. We are likewise pleased by its emphasis on identifying relationships (particularly dependencies) between EUC assets, which can be incredibly important for both finding ungoverned assets and understanding (and thence governing) your managed assets, especially given the extreme number of dependencies that can end up being embedded in even a single file.

The Bottom Line

ClusterSeven Shadow IT Manager is a highly effective governance solution for spreadsheets and other EUC assets, that gains substantial benefit from its integration with Mitratech’s broader suite of GRC products.