For years, IT experts have been warning about the incipient rise of ‘Shadow IT’ – those unsanctioned, unknown, unmanaged applications that spread and multiply amongst the user community. The rise of SaaS only makes the threat worse with departmental ‘solutions’ springing up everywhere, where the only due diligence has been the ability to download it.
What’s wrong with that? They certainly present a security risk, either as malicious activity coming in or sensitive data going out; they open up a world of compliance and regulatory issues; and there are huge purchasing inefficiencies where multiple departments buy the same thing and potentially duplicate what IT has sought to deliver. I even warned about the need to manage Shadow IT in Aternity’s recent webinar on Windows 10 migration (which is available for replay on our website).
But is it all bad? Well, yes Shadow IT is bad if you don’t have a strategy to deal with it. However, if you do have a strategy, there is an awful lot you can learn about your users and the shortcomings of IT, which can only be a positive thing.
For example, if you can see lots of Shadow IT out in your user community, that is a clear indication that there are business needs that are currently unfulfilled by the centralized IT department. In fact, in the classic BANT sales acronym, seeing Shadow IT shows that there is a Budget, Authority, Need, and Timescale for these solutions. How much more do you need to know about your business users?
It might also prove that all of things that IT thinks of as positives (governance, standards, change management, project management) are just seen as ‘red tape’ that gets in the way of business. Instead of stopping Shadow IT, maybe the current strategy of locking down computers is actually promoting it.
So, what can you do about it? The first thing is to look at all of your business applications out in the estate and identify how common an issue Shadow IT really is. Is it limited to a single department or location? Or is widespread throughout the organization?
Now you know what you are dealing with, you can come up with a plan for it. Seeing that you have corporate applications left sitting idle whilst departments spend their own money on an alternative is quite an eye opener. There must be a reason for it so now would be a good time to get closer to the business users to understand what drove them that way.
It might be that the business users have done a better job at evaluating the market and come up with a smarter solution that can be officially adopted.
And, of course, there will be some other Shadow IT applications that pose such a compliance and security risk that they cannot be allowed to continue. Are you currently living in blissful ignorance, dreading the day when the auditors turn up?
So, far from dismissing Shadow IT as someone else’s problem, let’s embrace the lessons that it teaches us and have a proper strategy for dealing with it? To continue the discussion, here’s a blog from one of my colleagues, that also sheds light on how Central IT can manage Shadow IT.
Riverbed’s Global Application Performance Survey 2015, the first global survey of business decision makers on the business impact of application performance, revealed that 71% of respondents say they have frequently felt ‘in the dark’ about why their enterprise applications are running slowly, spotlighting a disconnect between IT teams and business executives. And outside the Americas region, that number grows even larger at 76% in EMEA and 75% across Asia. Troublingly, executives can contribute to the problem as they try to work around it: 37% of respondents say they have used unsupported apps when corporate apps run slowly or stop working altogether, thus adding to infrastructure complexity with more ‘shadow IT.’
Download the full Riverbed Survey here.