What is Shadow Information Technology (IT)?
Shadow IT is when employees use an information technology device or an application to accomplish business objectives outside the realm of the company’s IT department. Individuals within business departments may use technology to solve issues or implement innovation in a do-it-yourself mode. Shadow IT is often seen as rogue or stealth IT in that the solution may not have approval from the organization. OneLogin states that 71% of employees are using applications that are not sanctioned by IT.
Why Does Shadow IT Exist?
There may be many reasons that shadow IT exists in a company. Companies with an entrepreneurial culture may actually encourage users to take action on their own behalf. Perhaps processes to get an IT request approved and completed is lengthy or unclear. To obtain approval, IT projects may have high business case expectations. Or, a business user may feel the problem would never get the attention of the IT department due to lengthy backlogs. Legacy applications may be large and costly for a company to address. The solution preferred by the user department may not be allowed due to established IT standards. Moving applications and data to the cloud with quick provisioning and an absence of infrastructure requirements can make it even easier to circumvent IT.
What is Wrong with Shadow IT?
Shadow IT solutions can provide innovative solutions with immediate business benefits. Although shadow IT may be done by resourceful people with good intentions, it can present issues such as:
For example, we often see the case when an employee develops a unique department-specific application, it becomes mission-critical, they leave the company, and no one is able to support the application. Companies must balance innovation against risk.
Developing and supporting shadow IT can become time-consuming for individuals that should be focused on other areas of the business. It can also mask a root problem of legacy applications that may need to be modernized. True IT costs for a company may also be inaccurately reflected. Gartner Research states that 35% of total IT expenditures in 2016 are related to shadow IT.
Security of shadow IT is a growing concern for companies. One of Gartner Research’s top ten security predictions (June 2016) was “By 2020, a third of successful attacks experienced by enterprises will be on their shadow IT resources.” Unsanctioned devices and applications can provide a backdoor for hackers, leaving a company’s infrastructure and data vulnerable to security breaches. Security breaches and leaking sensitive data can have a tremendous impact on a company’s finances as well as their reputation, competitive advantage, and viability.
How Can Companies Leverage Shadow IT?
In the past, a CIO would try to shut down shadow IT. Today, that is virtually impossible. With tools readily available and people that may be as adept and innovative with technology as application programmers, just saying no to shadow IT is not realistic nor advisable. IT cannot ignore shadow IT and hope that it goes away. It won’t go away, and will probably increase in the future.
Following is a checklist of five areas to help a company manage and obtain more value from shadow IT.
1. Fix the Root Cause.
2. Embrace it.
3. Design for it.
4. Highlight it.
5. Change the culture.
Tell us what you think of our checklist. Have you found other creative ways to team with shadow IT? We want to hear from you!