Whether you’re working within your organization’s IT team or outside of it, you’ve no doubt heard the term “shadow IT” or even come to grips with it. The technology media company TechTarget defines shadow IT as “hardware or software within an enterprise that is not supported by the organization’s central IT department.” The TechTarget definition also acknowledges that shadow IT can have a negative connotation “because it implies that the IT department has not approved the technology or doesn’t even know that employees are using it.”
Shadow IT grew out of impatience by employees with their IT team regarding the pace of implementation of desired technology or access to it. TechCrunch captures a good sense of the dynamics at work in its coverage of shadow IT: Overwhelmed IT staffs tend to concentrate, understandably, on projects affecting the company’s bottom line, such as those that up sales or better the customer experience. The result is that all sorts of internal requests, such as those aimed at improving logistics, keep getting pushed toward the back burner—to the frustration of the employees wanting to make progress. And so, the employees take matters into their own hands.
Many Temptations to Blow Off IT
In an InformationWeek article “Shadow IT: 8 Ways to Cope,” Andrew Froehlich, president and lead network architect for West Gate Networks, offers three root causes for shadow IT in this day and age:
- The blistering pace at which technologies come to market: “Oftentimes, the latest and greatest is immediately seen as valuable by a particular business unit,” states Froehlich. “Most IT organizations are not structured to offer new IT solutions at such a rapid pace.”
- The BYOD phenomenon: BYOD has opened up a new avenue by which employees can make their own choices about the mobile hardware and software they harness.
- Cloud computing and related software as a service (SaaS) and platform as a service (PaaS) applications: Departments have the potential to use cloud to circumvent IT, according to Froehlich.
Dangers Lurking in the Shadows
Shadow IT is not a minor concern. CIO, quoting a Cisco study, states that “the typical firm has on the order of 15 to 22 times more cloud applications running in the workplace than have been authorized by the IT department.” Forbes, while acknowledging that there are benefits to shadow IT in the form of promoting innovation, increasing flexibility, speeding up projects, and reducing hassle, lays out a number of substantial risks:
- Encouragement of organizational silos
- Impedance of the cross-functional collaboration that businesses need to thrive
- And a huge issue cited by many other sources as well: major danger of compromised security in what can be a “Wild West” environment, “with employees doing whatever they want, technologically speaking, in the lawless land of shadow IT.”
And there’s also the cost factor. CSO delves into a 2015 analysis by security and networking solutions provider Blue Coat Systems of cloud file sharing that reveals an average financial impact of $1.9 million to organizations as a result of unmanaged shadow IT.
Compounding the situation is the lack of awareness on the part of many IT organizations about just how much shadow IT is transpiring under their nose. ITProPortal reveals that only 8 percent of organizations large or small have a good handle on how many unmanaged cloud apps are floating around within their business.
Shedding a Different Light on Shadow IT
Even though there’s a brooding quality to all this shadow talk, the general tenor of some of the numerous articles I’ve explored here are actually upbeat. That’s because a pragmatism has been surfacing about shadow IT and how IT organizations can incorporate it successfully into their game plan. The Forbes article headline is “Why CIOs Should Be Happy About Shadow IT” and advises a “rebranding” of shadow IT to something more along the lines of “dispersed IT.” The goal is for IT organizations not to be punitive in their efforts to get on top of the situation, but instead to bring the activity out of the shadows and work proactively with other teams to fix problems.
TechCrunch’s article is titled “It’s Time to Embrace, Not Fear, Shadow IT” and advocates empowering “citizen developers” to quickly and easily build solutions that help the business move forward without IT support, especially those types of projects that get relegated to limbo because IT doesn’t have the bandwidth. Along with this approach would come careful security measures. ”Businesses must grade the security risk of shadow IT against the opportunity cost of stifling citizen developers from innovating,” says the TechCrunch article.
CIO speaks about how Cisco has established a cloud governance board to ensure that employees get the applications and services they need to succeed while it keeps a check on shadow IT.
Check out the slide show in InformationWeek’s “Shadow IT: 8 Ways to Cope.” Here you’ll see some meaningful ideas for IT organizations in dealing constructively with shadow IT:
- Reduce evaluation times when business units come to IT with new technology requests.
- Streamline implementation processes: “Creating new processes for fast-tracking approved technologies is a must,” says author Froehlich.
- Embrace the cloud: Encourage leveraging of cloud while at the same time creating the necessary authentication, authorization, and accounting mechanisms.
- Be proactive by keeping up with the latest technology your employees will be clamoring to use.
- Reinforce what will not be tolerated, because it is crucial to avoid compliance and regulatory failures.
- Show budget flexibility: “You may find that departments are much more willing to work with you,” says Froehlich, “as long as you pay.”
- Get involved with business units outside of IT: “Identifying the right people within business units and volunteering to assist with their IT needs can go a long way toward reducing any animosity they might have,” Froehlich says.
- Approve short-term shadow operations: Resist that first inclination to shut down a shadow IT operation immediately. Instead, take the time to evaluate whether you should change it, modify it, remove it, or let it remain.
These coping mechanisms represent a way to bring shadow IT out from the dark corners and into the light of day where it can be better managed for everyone’s best interests. IT organizations risk prolonging the problem by not meeting it head-on and productively.
Says Bob Dimicco, global leader and founder of Cisco's Cloud Consumption Service practice, as part of the CIO article, “It's really clear, employees and lines of business have spoken—they want choice, they want greater speed and agility. IT has lost control here, because organizations, lines of business are saying I can go to the Web and get an application or a service within minutes and start being productive.”
Where do you weigh in on the issue of shadow IT? Where in your opinion is the right balance for IT organizations between encouraging innovation and being in control of the technology? Let us know in the Comments section below.
Gary Pfitzer is a content manager at Learning@Cisco, focused on bringing various aspects of today's IT journey to light through business papers, blogging, customer success stories, and other writing.