This article was originally published on the wem.io blog. We're publishing it today as a lead in to the thoughts that my colleague has about the role of shadow IT in the technology landscape of many companies. Watch out for his article in the coming weeks.
Shadow IT has been a hotly debated topic in many circles for at least several decades, battles have been fought and decided in many management team meetings, boardroom and over a probably not so relaxed lunch or game of golf. An eternal business question seems to be: Is shadow IT a net risk or asset to a company?
Many things have changed from the first shadow IT discussions that started in earnest, when the first IBM PC’s hit the market in the early 1980’s. Focusing on the ability to quickly and easily integrate data on one side and the ever-increasing rules and regulations and their potential impact on the business on the other.
While Shadow IT sounds like something sinister that we are trying to hide I prefer the term “informal IT” defined as; the ability for end-users to decide for themselves how and when to process and consume information often on short notice. Most people will probably agree that using the definition of Informal IT is both an asset and a risk to every organization.
Manage risks & Optimize progress
The role of any business is to find a way to minimize risk, while optimizing progress, both internally as well as for customers. If we take the same approach to informal IT, we need to determine how we can reap the benefits while making the risks understood and manageable. Providing end-users the unlimited ability to access your data without any filters or controls introduces exposure and risk that no reasonable business should be willing to take. Following: What level of access at what level of control creates an acceptable level of risk?
A combination of several factors from single-sign-on, micro-services API’s and an integrated application platform each with their own but balanced service levels, security protocols and business continuity and disaster recovery policies could help almost any business find a solid middle ground. Your end-users get data-access and flexibility they desire, while you can ensure the continuity or your business and the privacy and security of your data.
Let’s be honest, if we, within a company, don’t provide a controlled platform for our end-users, say employees, to use, they’ll find their own way. And an unsecured spreadsheet on a USB stick is a lot riskier than a well-managed audited cloud platform like WEM.