CIOs: You Should Be Wondering About Shadow IT

Let me quote shadow IT from wikipedia: “shadow IT is a term that is used to describe the IT Systems or IT solutions that are built and used inside the organization without the organizational approval.” Shadow IT can be “tiny” such as an employee who receives  corporate e-mails from his smartphone or tablet, which is not provided nor supported by the corporate IT or “huge” such as a department/unit funded IT systems that are deployed without IT department’s knowledge.

How Do You Come Up with Shadow IT?

How do companies end up with shadow IT? Mostly the blame is on the IT department: it is slow to react, it is “preventer” rather than “enabler”, the support is questionable, the cost of services are high and the like. IT was not 100% wrong on all these issues, especially in times when the boss was pressing them to do more with less and when they were receiving the budget cuts. Of course they had – and still have up to a point –  the power to say “no” and most of the IT pros used this to their fullest advantage. But the departments had already spent some of their budgets to outside consultants/contractors and deployed their own solutions.
From the employees’ perspective, they were under their bosses’ pressure to continue to work longer hours every year. They wanted an e-mail capable phone from their company to give them a little personal time: instead of sitting in front of the computer to check for e-mails, they wanted a simple devices that they can carry and receive their e-mails. They were asked to fill a lot of forms, “inquired” by the management for the real need and seek approval from the various layers of management. If they were lucky, they would receive a smartphone that does the job but was already two years old. That was not “cool.” They can just go to a consumer electronics hypermarket, purchase a “cool” smartphone, input the necessary information and solve everything in about two hours, including the drive.

RELATED:   3 Steps to Cloud SLA: #1 Availability

As if these all are not enough, the consumerization of IT leave the IT departments with no choice: various systems will be deployed, various smartphones, tablets, laptops will be brought in (with various operating systems).

Why is Shadow IT So Bad?

Shadow IT looks exactly as this to corporate IT departments. The problem is how to make shadow IT work for you, rather than trying to crush it.

First, it is the IT department that will be called when something is not working. In addition to the already complicated infrastructure, the IT department is now asked to support the devices that it had no knowledge or no skill about. In addition, the IT department has to maintain the corporate infrastructure and at the same time try to figure out how to manage systems which have been deployed without considering the corporate architecture. Furthermore, when there is a conflict of interest in any part – the shadow or the corporate – both systems suffer.
Second, by shadow IT, the funding departments are unwillingly putting the company’s data in someone else’s hands. In addition to this first-hand security breach, they are also opening up holes in the company’s IT infrastructure which can be exploited by various attacks. Not only the company’s data is at risk, but also the reputation.
Third, the financial effects. In any case of shadow IT, without any single exception, there is redundant data. Once data is redundant, it grows exponentially. Exponential growth absorbs the space in the storage systems. Growing data size, especially in databases result in heavier loads on processor, memory and disks. Database queries result in heavy network loads – putting the entire network to a grinding halt is not uncommon. And all those data has to be backed up.

RELATED:   Fired? Laid off? Use a Personal Web Site to Find a Great Job

Fourth, there are islands of information. Some department knows something and the other knows otherthing. When it is time for management to decide on, neither the corporate or the shadow IT can present data accurately because they both have partial data. Even worse, these partial data are incompatible with each other: some of the data is in one database – say Microsoft SQL – and some data in other – say PostgreSQL. In addition to the resource, backup, network problems, you now have to think about integration.
Fifth, there are organizational politics. The shadow IT can become a shadow warrior to compete with the corporate IT, oftentimes claiming greater share in the organization. And they have their users’ support: it was the corporate IT that the users were suffering from and these guys gave them what they needed. Since shadow IT is the enabler, they have more right to speak about the company’s IT decisions in users’ (and their) minds.

What Can You Do About It?

Forget about setting policies, preventing or banning use of unapproved equipment and forget about what you did in the past. It did not work and in the beliefs of many people, you are suffering because of your own decisions. Crushing them is also not an option. Not only it will make the CIO look as a dictator but also it will signal lack of self-trust for corporate IT. And, contrary to everything you have in mind, shadow IT is not necessarily bad.

RELATED:   Will IoT Devices Overload Web Hosts?

The best way to go is the root cause analysis. What are the reasons that resulted in shadow IT? What caused people to seek their own solutions? Are the projects taking forever to result in half-done state, let alone finish? Are the departments overcharged? Is the IT favoring one department over another? Is IT department monopolizing the data and the departments are seeking ways to create and use on their own? Is one department valuing itself higher than it is?
An example from a client: the IT department was asked to come to an internal meeting to organize for network connectivity and presentation issues. The meeting would take place in a location that was about 40 minutes of drive from the corporate headquarters and would last for a single day. The IT department has made the project plan, employed a system engineer and billed the department about USD 8300 (yes, really). With this amount, the company could purchase a notebook, a projector and on site installation and would still have saved more than USD 3500.
It is normal that the corporate IT cannot manage every single thing in the organization. Nobody can expect IT pros to have knowledge on servers, network, databases, Internet, mobile devices plus the business processes and where the business processes need assistance. A system engineer can design and install a CRM application up to a point, but he cannot be expected to customize it to the company’s business. At this point, the shadow IT comes in, most probably by wearing the hat of a contractor or consultant. It is always the best practice to speak with the shadow IT, lay down the project in detail, put everyone involved in the project and work with a common framework that will benefit both parties. If that is the case, the exponential losses will turn into exponential gains, and the company will have a higher return on investment from the shadow IT.
References