Shadow IT exists as an entirely independent movement within an organization, outside the traditional IT department and often beyond its scope and control. What once was limited to custom Excel scripts and software purchased from retailers, Shadow IT now encompasses countless information technology products and projects managed outside of the IT department’s oversight. This is often perceived to be a potential threat to a business, but are there also opportunities to be found?
Most employees who have gone through new system implementations through their IT departments are left with memories of months of struggle, starting from getting an approval all throughout the implementation itself. As a result, cloud-based solutions are becoming alternatives not just for IT departments, but every member of an organization who can use business applications to better and more effectively do their jobs.
The cloud is tempting for many well-documented reasons. Corporate IT departments and the decision-makers responsible for IT infrastructure decisions more and more frequently turn to the cloud instead of investing in on-site server rooms. Amazon Web Services, Microsoft Azure and Google Cloud offer ever-improving rates that strongly challenge traditional models. The benefits of choosing cloud over physical hardware also include avoiding costly fire protection and backup solutions, as well as being able to dynamically schedule the usage of your leased cloud equipment, only paying for what you need when you need it. For small companies and start-ups, the choice is often admittedly obvious.
It is true that for some organizations, however, it can be difficult to show the financial benefits of choosing cloud solutions. When comparing the costs of cloud solutions to having your own server room financed at a low rate, it can go either way. This calculation does leave out a significant, but hard to quantify, benefit of the cloud. It’s important to consider the man hours that can be saved by limiting the competencies and attention required by your IT department having to manage your on-site solution. Shifting to the cloud gives organizations the ability to put more focus on core operations.
It’s here we come to the phenomenon of Shadow IT. While the largest effect is often on department managers, individual employees often turn to Shadow IT to enhance their every day tasks using external software solutions. Common examples of this include using Asana or Trello for managing company projects, using YouTube to convert internal videos, or using alternative productivity tools like G Suite for convenience.
People who are not responsible for the application infrastructure in a company can very easily find solutions to the problems they face. They are also often well aware that if they were to involve the IT department, they would encounter many problems along the way, including road blocks that simply cannot be crossed.
Again, cloud solutions offer an appealing alternative, by avoiding countless potential hang-ups like security and compliance concerns. Users are able to quickly use a solution, and the IT department can continue with more pressing concerns, instead of adding another ticket to an endless queue of requests. Isn’t it easier to simply finance a purchase from a company credit card, sink the costs into operational expenses, and immediately start using a solution that improves your workday?
The cloud offers a simple and effective alternative to IT departments, who more and more can be completely cut out. This, of course, is a potential source of conflict and resistance.
So, War Then?
Should Shadow IT be treated as a serious threat to an organization? Yes and no.
When using unauthorized or untested software, we open up the potential risk of opening up company data to tools that do not meet data security requirements. Alternative solutions can also prevent development and on-boarding. Users do not progress to the middle and long-term stages of software expertise and workflow changes and the associated benefits, slowing or even halting implementation progress. Finally, it may be the case that the cloud solution being used had obvious, initial benefits but later stages of development are limited or even prevented, as in the case of integrating with existing internal company systems.
On the other hand, the cloud offers endless opportunities to experiment and innovate, with simple and cost-effective access to modern, tested solutions.
However, if the IT department takes a defensive or even aggressive stance to prevent expansion into the cloud, the consequences can spread far beyond the company’s infrastructure and lead to open conflict. What makes matters worse is that both sides are often right. IT is responsible for security, reliability and compliance after all, while management is driven to find tools that enable employees to better carry out business functions.
Wisdom, at No Additional Cost
Wise IT takes a different path, and instead of struggling against Shadow IT, adjusts its own structures and policies to embrace it. The single biggest advantage of cloud solutions is that you do not have to run them yourself, you simply buy them and start using them. In the case of internal IT solutions, we have to deal with the entire purchase cycle, tenders, lawyers, licensing and more.
So what can an IT department do to find a way to deliver customized business applications that can integrate with existing systems, while being user-friendly and sharing the convenience of cloud-based solutions? One option is through the use of low-to-no-code Rapid Application Development platforms. RAD platforms enable IT the flexibility to start a new project as soon as the business need arises. These platforms and the competencies needed to use them are typically acquired one-off, meaning all subsequently developed applications use the same technology and bypass additional approval processes.
Rapid Application Development platforms enable an organization to keep Shadow IT under control, by limiting the needs for departments or individuals to independently seek solutions outside the existing IT infrastructure. This enables users to focus on the use of their tools and the furthering of company objectives, while putting the organization and implementation of these systems back within the IT department’s control.
Shadow IT is a phenomenon that will never completely disappear. In practice, Shadow IT exists in every organization, and is strongly tied to the smartphones we use every day. Today, anyone who needs a simple utility can get one in seconds through the App Store or Google Play. Wise IT executives will therefore attempt to avoid situations where staff begin to hide their use of external systems. After all, the biggest threats usually result from a lack of awareness. Most situations that threaten the information security (infosec) of an organization come from the unintentional actions of employees blissfully ignorant of the consequences of their decisions. In this case, situational awareness is often preferred to strict enforcement of policies.
A properly run IT department is able to quickly react when risks related to independent use of SaaS or cloud applications arise. When the risks are minimal and the benefits outweigh the costs, it will be tolerated. Users can even gain invaluable experience that the IT department can use. If an application is found that fulfills a role as intended and improves processes or efficiency, the user has already acted as a software tester and the process of implementing into internal IT structures is hastened.
IT That Inspires
A modern IT department is one that ends up encouraging users to report on external solutions they are happy with, and brings Shadow IT into the light. While it is not fully under the control of the IT department, as users still make decisions about what software they use, we gain visibility that both improves information security and the flexibility and ingenuity to quickly react to the changing business environment. When a solution is identified that brings tangible business benefits, we can confidently make decisions about its implementation into existing IT structures.
Gartner associates this process with the Enabler Role of IT. The Enabler understands that to get the most from the IT department, it is preferable to work on searching for and providing the right tools, instead of simply policing existing policies and processes. The Enabler knows the needs of business, and identifies low-risk, proven solutions that satisfy both the needs of IT as well as the overall goals of the organization.