CIO Perspective: Risks of Shadow IT in the Cloud Era

Cloud computing promises a life almost independent from the IT department in IaaS, PaaS and SaaS scenarios, along with lower costs and rapid delivery. With these key points, it has changed the face of computing in both the consumer and enterprise space. From the user’s perspective, problems are easily solved, but from the corporate IT department’s perspective, problems that did not exist before are introduced.
The pain point of enterprise users, the IT department failing to provide fast solutions to everyday problems, is growing every day. This is not to blame the IT department; for example, what can the IT department do if a division’s responsibilities are revamped, they need project collaboration with the branch offices, and a project management tool has to be provided? The users’ request is a business request, but for corporate IT there are, at the very least, security, connectivity, licensing, deployment, authentication and authorization issues. How can a sane person expect the IT department to provide a turn-key solution right now?
Following the example above, the users are right. Their responsibilities now require a project management and collaboration tool to work on their assignments. They have their department’s IT budget, whether it is a pay-as-you-go system or an allocation as an overhead expense, but IT cannot provide the needed service.
In this case, the department is pressured by two corporate requirements: the business requirements and corporate IT. When it looks for a way out, the easiest method is to purchase a cloud-based solution. Considering that there are numerous SaaS alternatives for almost every project collaboration need, the department chooses one that fits its needs. The users’ problem is solved. What about the IT department?

First, almost all SaaS tools require no special permission to operate. That means that if the user can access the Internet from his corporate computer, he can access the tool. No security requirements, no corporate policies: the user can access any system on the Internet and begin to use it, and since everything is so convenient, he does not think about consulting IT in the decision-making process. That is great for sure, with the added benefit that the user can access the collaboration application from any device, without thinking about complicated corporate VPN issues. The user solved his problem, but what about the long-term IT strategy and long-term IT sustainability, data ownership, compatibility and service level agreements? These are the due diligence factors that the corporate IT department follows and that the end user is typically not aware of.
Next, there is the issue of independent information silos. Following the example further, imagine that two different departments run similar projects with different project collaboration tools, unaware of each other (this is very common in the corporate world). In the next meeting, the VPs find out that these two projects can be combined into one project and the freed resources can be deployed elsewhere. Fine, but the different collaboration tools are most probably not compatible with each other, and may not even allow data exchange with other platforms. What is to be done here? Whose responsibility is this? What would happen in a bigger scenario where there are two incompatible Business Intelligence systems that cannot exchange data?

I cannot put the blame on one side; there are two sides to the story. The IT department developed procedures over the years to make sure every aspect of the complex enterprise infrastructure. As the infrastructure grew larger and more complex, IT became slow to respond to immediate needs. This is not to protect the status quo, nor out of resistance to change, but rather to ensure the long-term survival of the company by following the procedures.
The end users, faced with the procedures and decision processes, feel neglected and abandoned. Like anyone who has broken up with a significant other and seeks happiness with someone else, the department seeks shelter in the arms of the SaaS providers. However, the department overlooks the very basic aspects of IT in the cloud providers: compatibility, service levels, security, backups, etc.

How can you solve this as a CIO? I would advise speaking with the IT team and communicating clearly so that they do not react emotionally when they hear “cloud computing”, “Internet” and “SaaS” (IT people tend to act aggressively when they hear these phrases, fearing that these are there to take their jobs). The CIO has to calm those fears and ask the IT staff to listen to the users’ needs, try to assist them in their decision making, and involve them in IT’s decision making where applicable. The users will be happy to hear what the risks are, what they have to look for, and what they have to question in their requirements, and to provide feedback.
I cannot say that clear, open, honest communication will solve all the problems. It will surely help both the IT department and the end users find common ground and understand each other better.