The term ‘shadow IT’ might sound negative but the trend itself is actually a lot less sinister than that. It is something that the majority of us do at work to varying degrees. That is why CIOs must find a way to work with it rather than against it.
According to the Cloud Security Alliance, only a tenth of organisations know the extent of shadow IT in their business. In the same way as BYOD caught some organisations off guard, shadow IT is spreading across enterprises, whereby individual lines of business such as sales or R&D adopt new tools to facilitate their work without the buy-in of the IT department. Some employees might use a cloud-based document sharing platform to aid their workflow without even knowing that this is shadow IT. As all departments have different technology needs and as the BYOX trend gathers pace, we are set to see more and more people make their own technology choices without the approval of the IT department.
The recent scandal surrounding Hillary Clinton is what ZDNet see as a high profile case of shadow IT. Clinton used a personal email account to conduct official government business. Importantly, Clinton did not use a public server for the email account, as this would have caused serious concerns around the protection of sensitive data. Perhaps she felt it was easier for her to use her own email account instead the government-issued one. Maybe it helped make her more productive.
While shadow IT often boosts productivity amongst end users, it can pose some challenges for the IT department, who tend to see the trend as technology sprawl amongst employees and loss of control. It is difficult for IT departments to police – as soon as one tool is blocked, employees will find another tool to perform the same task. That is why IT departments must learn how to adapt to, rather than fight shadow IT.
Another reason to work with shadow IT is because in most cases, it is actually good for a business. It empowers employees to look for more innovative and effective ways of working. For example, the sales team might use a cloud-based collaboration platform to share insights on new leads, instead of sending dozens of emails or spending hours on conference calls. Shadow IT can also be used to pilot apps and tools for the business. Employees will download different apps to make their jobs easier no matter what, so it makes sense for the IT department to gain insights to determine if the whole business might benefit from the technologies in question.
The point where any tool or platform needs to be brought out of the shadows is when it is having an impact on the company’s other systems or network capacity, or when it is becoming mission critical to the business. A cloud-based video transfer platform, for example, might prove a huge bandwidth hog for a financial services firm, and slow down other applications, such as CRM tools, that are more critical for the running of the business.
Another consideration is the procurement of shadow IT applications. The majority of these technologies are cloud services that can be bought in an instant using a credit card, so that they are up and running within seconds. This ease of commissioning might undermine the important role that the applications will play over time as it becomes more and more widely adopted in the organisation. What about SLAs? What about disaster recovery if the service goes down? And what about regulatory compliance, e.g. where is the data hosted?
It is important therefore to have the correct contractual safeguards, application availability and support assurances, in place for the business criticality of a solution. This requires procurement expertise, which is not typically found in line-of-business management.
Shadow IT is an agile, distributed way of procuring and using technology, but as businesses rely on these applications more, they need to bring them out of the shadows. A smart CIO will use shadow IT to their advantage from a budgeting point of view, allowing other departments to foot the bill for certain locally used non-mission-critical technologies and use it as a piloting initiative. Shadow IT should not be deemed as a negative aspect of IT in business. Businesses should capitalise on it to increase productivity and support the day-to-day workflow of different departments.