There is a parallel IT department lurking within your organization, right under your nose. An estimated 1/3 of all technology spending is occurring outside the IT department. You may think you’ve stopped it, or you may have learned to live with it, but the fact remains that it’s there.
Welcome to the new world of Shadow IT.
What is Shadow IT?
Generally speaking, Shadow IT means any technology spend that occurs outside of and without input from the IT department.
The rise of Shadow IT is as insidious as it is inevitable. IT and the business have always been at odds because in many ways the sides have competing goals. They are locked in a tug of war, with IT wanting more governance and control, and the business wanting more innovation and adaptability. It’s just about impossible to make both sides happy at the same time, but IT has historically won because it was so difficult and time-consuming to roll out an IT project. Large capital expenditures were needed to achieve scale and set an IT department up for success.
Thanks to many developments, those days are gone, gone, gone.
Tech savviness is no longer concentrated within the IT department. As more and more digital natives enter the workforce, the demands on the IT department, and business as a whole, are changing. These “new users” aren’t willing to accept any explanation from IT out of either fear or lack of knowledge. They want technology to enable their work, and in many cases they don’t understand why they have a much richer and more robust computing experience at home than at work. They demand to, for example, bring their own devices (mostly mobile phones) to work…so why not bring their own IT solutions too?
In the same vein, the cloud has made it easier than ever to identify and consume IT resources. Implementations that used to take an army of consultants and a matter of years can now be done in a fraction of the time with nothing more than a credit card. It’s amazing how disruptive that is and can be for both IT and the business. A study by Skyhigh Networks showed that users in an average company use almost 1100 different cloud services. There is no way all those services came with the full vetting and blessing of the IT department.
Today’s business leaders are armed with the ability to bypass IT. They have enterprise-class weapons, and a departmental budget…and they’re not afraid to use them.
Causes of Shadow IT
At its core, shadow IT results from a disconnect between IT and the business. The business believes that IT is being unreasonable in not adapting to its needs, and IT thinks the business is sacrificing long-term environmental stability at the altar of short-term needs.
Often, Shadow IT grows in an organization from certain key factors:
1. IT does not respect its users. We have all seen IT departments that treat users as an inconvenience, or ones that look like the inspiration of Dilbert’s character Mordac, the Preventer of Information Services. If IT does not show a willingness to engage and cooperate with the user base, the users will find respect on their own.
2. IT Isn’t Innovative. As mentioned earlier, users are more technically savvy than ever before. They have rich computing experiences at home, and they are able to encounter new and powerful IT paradigms through social media. If IT doesn’t partner with IT to deliver innovation, it’s not surprising to see users discover and seek the innovation on their own.
3. IT is expensive. If your IT department is bloated with bureaucracy, or projects constantly find themselves over time and over budget, users will run out of patience. As mentioned, cloud providers can deliver powerful Shadow IT with a few mouse clicks and a credit card.
4. IT isn’t flexible. Some IT departments can develop a siege mentality, in which any suggestions for improvement are dismissed, if only because they differ from “how things were always done.” Users are only human; they will tire of a can’t-do attitude and seek out a can-do attitude.
5. IT is too slow. Before the digital age took over all aspects of business and life, it was more defensible for IT departments to deliver solutions more slowly. These days, if the time to deal with requests can be measured with a calendar, users will feel the Need for Speed and look to a company that can provide that.
Risks of Shadow IT
Shadow IT has many logical explanations with reasonable causes, but it also presents risks for the average IT organization.
The biggest and most obvious risk is data security. Each cloud service has its own data protection and retention practices, and these might not match with your organization’s requirements, even if the service itself meets your needs. For example, the cloud service might not encrypt data, either at rest or in transit. The cloud service might have rigid terms of service that entitle it, at least in theory, to your company’s intellectual property.
If an employee who used a Shadow IT service ends up leaving the company, he or she could still have access to the cloud service, which might have important data both for your organization and its clients. This is a major risk to the company’s long-term client retention and its reputation in the industry.
Tribal knowledge is another key risk of Shadow IT. Even if the credentials don’t leave with a certain employee, the knowledge of how to utilize the service might leave when a certain employee decides to move on. This could render the shadow service completely useless.
Bring Light to the Shadows
Unless your IT department is made up exclusively of many copies of Superman and Wonder Woman, Shadow IT is a reality that is here to stay. It exists for a legitimate reason, and the only way to win in the New IT is to embrace and manage it, rather than to attack or try to ignore it.
The most important way to combat Shadow IT is to engage with your users as active partners, rather than an annoyance or a hindrance. Open lines of dialogue, such as what DevOps encourages, can strengthen the bond between IT and the business and bolster each side’s sense of common purpose. This could in time eliminate the need for a Shadow IT solution.
More than this, IT needs to recognize its place in the world of the New IT. Roughly 1/6 of the current technology budget – over $60 billion – is already spent outside the IT department. IT could continue to stomp its feet and fight about this, but resistance is, overall, futile. Users demand solutions that move at the speed of 21st Century business, and the truth is the IT department can’t always provide that.
However, this also doesn’t mean that the IT department should cease to exist. Instead, the best way to combat Shadow IT is for IT to coopt it altogether. The IT department still has many core competencies, including standards, process, and best practices. It would be easier for an IT department to sit down and develop objective standards for any external cloud service, against which the business can gauge a proposed solution, rather than treating each request as an ad hoc. As a result, IT can still become the overall arbiter of technology, as well as the keeper of standards and best practices. It’s a departure from the historical “we build everything” idea, but it’s a great way for IT to fit into the paradigms of 21st Century business.
Shadow IT did not occur in a vacuum. It resulted from decades of factors, including increased technical knowledge among end-users and increased gatekeeping and inertia from IT. A new sense of partnership, and a promulgation of key standards and best practices, can allow the IT department to embrace the new reality and bring Shadow IT into the sunlight.