Shadow IT

Shadow IT

At our recent Above the Cloud luncheon, discussion amongst the group of C-level participants turned to the issue of Shadow IT. You may have seen or heard Shadow IT labelled as “risky”, “stealthy” or even “sinister”. We counsel that it can be viewed as an opportunity, with the right perspective.

What is Shadow IT?

Shadow IT is the phrase coined to refer to the increasing trend of employees going around their companies’ IT policies to implement their own tools, programs, apps and platforms, often cloud-based. This is done without explicit approval of the organisation and without oversight from the IT department. Shadow IT is often consumer-grade rather than designed for enterprise use. Typically shadow IT is funded through a departmental, team, project or individual’s budget or could even be procured creatively (or covertly), with costs unreported or hidden in other budget line items.

There certainly are risks beyond potentially hidden costs. Because Shadow IT is not maintained or managed by the IT department, this can mean data is not backed up or secured as it should be, according to the organisation’s processes and procedures. Not only can this result in IT silos, duplication or loss of data, errors and reduced employee collaboration, Shadow IT may also be outside of the organisation’s security protocols and thus represent potential for data leakage, compliance breaches and security risks, however well-intentioned and inadvertent. Even if the data is stored, it may not be in an approved location or with an approved supplier, and retrieving it may be difficult.

Is it really happening?

Whether or not you are taking your organisation to the Cloud, parts of your organisation might be going there, anyway. Despite the risks listed above, staff may be turning to off-the-shelf, agile solutions to meet their work needs, because they feel IT is not delivering what they need to do their jobs – or to do their jobs according to their technology preferences and expectations. One CIO at our Above the Cloud event proffered how surprised she was by the result of a recent audit of non-IT-endorsed cloud applications. It showed far more use and adoption of Shadow IT across the organisation than was first suspected. Others expressed concerns around governance, potential security breaches and costs. These concerns are justified.

According to local research (Australian Digital Workplace Study 2015, Telsyte), Shadow IT solutions now account for 20 percent of Australian organisations’ IT spend, compared with 25 percent globally. Analyst firm Telsyte recently revealed that 79 per cent of Australian CIOs work in an organisation that has at least one line of business with its own IT budget. Telsyte’s research also found that most CIOs believe that line of business IT spending will eclipse centralised IT procurement within 5 years.

What to do about Shadow IT?

First, you will need to understand the extent of Shadow IT within your organisation. Next, we suggest you ask why staff are turning to Shadow IT. And that you see this as an opportunity to identify gaps in your IT capabilities, rather than to punish and blame. Asking what issues they were trying to solve on their own, and why they believe a Shadow IT solution better meets their requirements, can lead to better organisation-wide solutions, efficiency improvements and greater business value.

Today’s workforce is becoming increasingly tech-savvy and your employees have higher expectations on the technology they are provided at work, with which to do their jobs. If it’s not at least as good as what they use in their personal / consumer lives, it’s not living up to those expectations. They’re looking for things like great user interfaces, usability, speed, accessibility, integration of information, quality, and agility. Those organisations that respond to this consumerisation of IT will have an advantage over those that don’t.

If you are not sure where to start, we can guide you through the initial assessment and be on hand to assist with this challenge.