A lot of people confuse the term Shadow IT for something more sinister, something straight out of a Tom Clancy cyber-espionage thriller.
If it were so, it’d be so much more cooler, of course, but on the contrary, Shadow IT is something far less sinister, something we have all been probably guilty of at some point in our careers. The act of purchasing or using technology for the workplace without the approval or knowledge of the IT department is called Shadow IT.
This could mean something as simple as someone using Dropbox to share company data or the DevOps team purchasing an instance of a caching server to increase performance of the website, all without the IT department’s knowledge or approval.
This phenomenon is commonplace thanks to a clear paradigm shift in enterprise buying patterns. Any manager armed with a credit card and access to the Internet can buy software thanks to vendors adopting the SaaS model, as long as it falls within the budget allocated to his department. With the consumerization of technology, it has only made things easier for credit card toting users. It is not only software that is gradually going beyond the scope of Shadow IT, but also hardware and gadgets. We live in an era where we can get a tablet delivered overnight from Amazon if the mobile testing team needs one immediately.
Gartner predicts that
By 2015, 35 percent of enterprise IT expenditures for most organizations will be managed outside the IT department’s budget.
Like any innovation or trend that emerges fast, there are two sides to this. The purchase of that SaaS marketing automation tool by the marketing department would definitely help the marketing team work efficiently towards the business goal of generating more leads, but that also means that there is an increased responsibility towards the IT department in making sure that there are no risks involved.
Some risks associated with Shadow IT
- Acquisition of software from dubious sources – download sites, cloud services with poor security
- Ill-researched information leading to bad tech choices
- Bug infested software
- Obvious data security risks
- Risk of malware or virus infiltrating the corporate network
An important question is to be considered here is why do users bypass IT to make purchase decisions? A lot of people view the IT department as still stuck in the ‘80s or that the process of procurement is slow. With the market and competition moving at breakneck speed, businesses cannot afford to wait over a simple purchase that impacts business. With more and more businesses delegating decision making or opting for flat hierarchies, Shadow IT only makes more sense. In case of a sudden drop in performance, would the business rather have an engineer himself take the decision to purchase additional servers to balance load or an engineer who informs IT and waits for IT to supply the same, knowing it would take a few hours (or a few days?). IT would probably have to escalate to ask team leader, finance and a number of other stakeholders for approval resulting in unnecessary outage and hundreds and thousands of disgruntled customers. Phew!
Of course, such situations are not this black and white, but the challenge remains the same.
What can the IT department do to solve this deadlock?
- Broad-minded CIO – The vision of the CEO is crucial in shaping the organisation; we know this. The same holds good for the IT department, for which the CIO needs to be open to innovation and new ideas. If that means getting rid of that legacy tool you have been using for the past decade, so be it.
- Openness of the IT department – The IT department should not turn into a bureaucratic force in the organisation, slowing things down with a mindless adherence to the traditional way of doing things. It should act as a catalyst towards the ultimate goal of the organisation – to make more revenue and to be profitable. Understanding business needs and continuously reframing policies and processes is a given for a cutting edge IT department.
- Communication – Business units must understand that it is good practice to keep the IT department involved in technology purchasing decisions, even ones which have to be taken fast. It becomes imperative for the IT department to reach out actively to business units and educate them about why they exist – not to slow them down, but to help them achieve their business goals. The IT department must use the announcements section of the service desk effectively, sending regular newsletters and engaging your users.
- Protect and to serve – It is essential that business units and the IT department are on the same page when it comes to IT purchases. The IT team needs to be fully aware of the latest IT acquisition even if they are not directly involved in the purchase. At the end of the day, it is IT that are going to be firefighting if some security lapse arises. After all, you cannot really fight if you don’t know what exactly you are fighting. Step up on your internal training and empower your team to take decisions. Train your team on the latest IT technologies.
Do not look at Shadow IT as something that will put the IT department out of a job – look at Shadow IT as a huge opportunity to take unnecessary burden off IT – why would you want to spend your time on a minor purchase when you can spend the same time thinking about the big picture – IT strategy?
Remember, Shadow IT is not a bad word. We cannot stop business units wanting to invest in new technology to grow the business. But what we can do is work with them to ensure a smooth and productive work environment.