Shadow IT is a term that refers to all applications and resources used within an organisation without the approval of IT. These are often (but aren’t limited to) cloud resources (PaaS, IaaS, SaaS), and include productivity applications, simple applications built using existing tools (usually Excel).
Why is there Shadow IT?
Simply put, when users have a problem or need that existing IT solutions cannot solve and which cannot be solved in a reasonable amount of effort most people will search for a reasonable solution.
The typical story goes like this:
- A department in the company goes to the CIO asking for a solution or tool that allows accomplishing some given feature or task to optimise work activities or deliverables. Typically with the goal of increasing efficiency and saving time and resources;
- Corporate IT bureaucracy steps in with rules and regulations demanding a certain number of prerequisites. Together these hurdles make it difficult to implement a solution in a reasonable amount of time and at a low cost to the requesting area;
- The department manager still needs to deliver on her KPIs, so she needs a solution. Up comes someone that says they can do it in Access, Excel, or another approved platform not originally intended to solve the given problem, or that there is a Cloud based app that does it all for just $9.95 per month.
- The area manager goes ahead with the unapproved app. Productivity goes up and they meet their KPIs, everything is perfect.
- One day, the CIO will have yet another headache and problem to be solved in her hands due to the new dependency on an unapproved application that hasn’t passed IT clearance.
As you can see, Shadow IT is not put in place due to malicious reasons, but it can lead to problems (security or otherwise) that IT departments need to deal with. The challenge is that these systems often become business critical over time and simply removing or blocking the application is not the solution.
The steps to master Shadow IT in your organisation
Step 1 – Embrace it!
While Shadow IT is often a dirty word in IT departments, it’s actually a symptom of entrepreneurial spirit within an organisation. It means that a department or team are finding solutions that work for them to solve their daily business challenges.
It’s important for IT to adopt a mindset change about their role – not as gate keepers but as supporters of the needs of the business.
Step 2 – Out innovate it
Shadow IT is a symptom that your traditional IT processes are not solving the problems of business. It means that you need to be able to provide the functionality that they need at the speed of cloud. Look after the security of your business data, but don’t put shackles on the agility of the business.
Remember too, that the cloud means that the scale of services like AWS or SaaS vendors can grow to handle larger workloads, it’s not just a case of finding a server under someones’ desk any more.
Step 3 – Put rules around it
Create reasonable policies that don’t require your business or software vendors to jump through unreasonable hoops. How many of us have seen those hundred question security questionnaires that are largely irrelevant to the way the cloud works?
Step 4 – Balance risk and reward
There is a difference between systems of record (think SAP ERP-type applications) and systems of innovation that can bring greater agility to by staff and customers. If you lump them all together with the same rules and procedures you’re just going to stifle innovation.
Step 5 – Standardise it
Find tools and platforms that allow the business to innovate themselves while you look after the security and access concerns. Excel may be seeing more security issues these days, but there are other platforms that can support the needs of the business in the way that Excel used to. IDC just released a new report on no code solutions “no-code development to democratize cloud-based application functionality creation” which talks about WEM the platform that my company Zero Code Solutions endorses. You can get a copy of that report from our website here.