Whether you like it or not, Shadow IT exists inside your organization. A recent global survey of 200 CIOs found that 83% have seen the unauthorized provisioning of cloud services, despite the fact that over a third of respondents said their businesses did not permit cloud adoption without the involvement of IT.
Is it really that shocking? With the consumerization of IT, people have grown accustomed to convenient web-based apps that make their personal lives easier. It should come as no surprise they have similar expectations for their work lives too.
However, CIOs around the world face an uphill battle to accommodate and secure these unauthorised channels. For starters, cloud-based SaaS services are typically easy to use and very affordable, or even free. There’s not much of a barrier to prevent non-technical employees from just installing external services without consulting IT departments for help or approval. This is troubling as most proactive high-achievers in your workforce live by the adage “better to ask for forgiveness, than for permission.”
“Better to ask for forgiveness, than for permission.”
Furthermore, it’s not like the workplace pressures and demand for results has slowed down on either side of this battlefield. Non-technical employees are constantly asked to do more with less resources, while IT managers rarely receive an increased budget and are already coping with a backlog of other projects.
As a result, Shadow IT has been on the rise for years without IT departments actually knowing which technologies are being used inside their own walls. Consequently, the majority of press concerning the rise of the “big bad Shadow IT” is negative. Even the name implies some shady backchannel in the dark underbelly of the enterprise.
But is Shadow IT really that ”bad” or is it time to change our view?
Is Shadow IT a CIO’s Friend or Enemy?
Problems Of Shadow IT
The downsides of Shadow IT are well documented. First, it can cause severe security issues, due to unsupported and unverified technology being used in the company as users bypass standard IT security procedures. Second, if an employee stores sensitive data on a personal Dropbox or Google Drive account, the threat of violating compliance and data protection policies is omnipresent. Finally, Shadow IT can trigger negative impacts on other colleagues in a multitude of ways including user experience, bandwidth, communication flows, data access, and more. Of course, all these factors together lead to massive headaches for CIOs as they lose control over their corporate IT infrastructure.
Benefits Of Shadow IT
Beyond the oft-cited negatives, the massive potential Shadow IT holds for innovation and rapid growth is too important to ignore. In fact, a study by the Economist Research Unit reveals that managers believe web 2.0 apps will bring the most profit to companies in the future. Employees turn to SaaS apps because their needs are not covered by the standardized corporate IT package available to them. In doing so, they may incur more risk, but they’re also taking ownership of a problem, implementing a solution and seeing it through to completion autonomously which improves efficiency, productivity and adds to the bottom line. CIOs should incentivise creativity and encourage workers to experiment, albeit safely, with new innovative technologies that give their company a competitive edge.
Shadow IT Is Here To Stay
Ultimately, answering the question of whether Shadow IT is good or bad for your business is irrelevant. As new tools and technologies emerge, employees will continue to seek out ways of incorporating them to improve their productivity and performance at work. In fact, 40% of IT spending is already outside the control of the CIO. Therefore, the focus shouldn’t be on containing Shadow IT, but rather on embracing it safely and effectively.
How CIOs Can Embrace Shadow IT
Listen And Work With Users
The knee-jerk reaction to the unauthorized use of cloud computing programs in the enterprise is to set up legal barriers within employee contracts and punish all malefactors. This is the wrong approach.
“Security professionals need to accept being at the losing end of this argument and start rolling out enterprise mobility programmes.” says Bryan Littlefair, CISO at Vodafone.
Companies need to put mobile technology to work for their business, not put up roadblocks against it. However, in order mitigate the risks, communication with employees needs to improve in order to discover their true technology needs and inform them about potential pitfalls. Feedback from employees should be taken seriously and acted upon quickly, so that ”safe tools and solutions” can be identified and approved by IT. Moreover, a legal framework should still be implemented, but it should be focused on protecting sensitive data, not eliminating Shadow IT entirely.
Introduce Dual-Speed IT
A Dual-Speed IT architecture, or Bimodal IT, is based on establishing two tracks, one that takes care of existing legacy systems and another to foster agility and innovation. As McKinsey points out, the former is slower to innovate as it’s focused on a transactional backend and, therefore, needs to ensure stability and high-quality data management. In contrast, the innovation track can move much faster to deploy new software as it targets internal operations or the customer-centric frontend and needs to avoid time-consuming integration. By establishing a Dual-Speed IT culture, firms can mitigate the risks of Shadow IT since the tools demanded by staff are provided much faster, which reduces their motivation to “go rogue”.
Unfortunately, most organizations fail to embrace Shadow IT appropriately and it’s generally portrayed as a major thorn in the CIO’s side. However, the hard truth is that this trend will only get larger so organizations should learn to harness the tremendous upside that Shadow IT holds. IT departments need to listen and collaborate better with their non-technical colleagues and leadership must steer the organization towards a dual-speed IT culture – one that can reconcile the strain caused when demands for security, legacy upgrades and innovation pull in opposite directions.
In short, Shadow IT has the potential to dramatically transform the speed and agility of enterprise corporations. By allowing your employees to take ownership of bottlenecks and breakdowns in their workflows, you open the floodgates for rapid growth and larger profits. Shadow IT is not inherently secure, but with the right parameters you can blunt the risk and reap the benefits of an ever-improving, innovating workforce.