October 3, 2023
At a Glance
- Shadow analytics is kind of like doing your own home electrical wiring.
- Shadow analytics, by its very nature, functions as a kind of black-market technology.
- Risk and compliance teams can DLP tools to keep shadow analytics solutions from being shared outside.
Data analytics is a powerful tool that can help users make informed decisions related to trends, new products, customer preferences, sales, and an almost endless number of other topics. A serious problem arises, however, when enterprise team members begin designing and deploying their own, unauthorized, analytics applications.
Shadow analytics is kind of like doing your own home electrical wiring. “You might make [shadow analytics] work, but you risk burning down the building with ungoverned data handling that runs afoul of privacy and risk regulations that could lead to fines and hits to brand reputation,” says Joseph Williams, global partner, cybersecurity at IT management advisory firm Infosys Consulting.
Unauthorized analytical tools can lead to poor, or even business-fatal, decisions. “If you don’t know where the data came from, or you can’t get consensus with stakeholders, the benefit passes you by,” warns Peter Mottram, a managing director in the technology consulting practice of management advisory firm Protiviti. “You could be making the wrong decision without knowing it.”
Client-facing business units, particularly sales and marketing teams, are most likely to turn to shadow analytics. “Their KPIs -- such as time to market and revenue generation -- require a fast turnaround, and they don’t believe that IT will help them build analytics solutions faster,” says Sush Apshankar, a principal consultant with technology research and advisory firm ISG.
Addressing the Threat
Shadow analytics, by its very nature, functions as a kind of black-market technology, often acquiring data through unofficial channels, says Steven Karan, vice president and head of insights and data at business consulting firm Capgemini Canada. “This presents a danger to the organization in which enterprise standards of master data management and governance are disregarded, resulting in transformations of data sets in inaccurate or incorrect ways,” he explains. “This leads to poor analytics being fed to business leaders for decision making.”
Shadow analytics can also expose enterprises to regulatory risks or reputational damage created by circumventing personally identifiable information (PII) data standards, as well as GDPR, HIPPA, CCPA, and other data regulations. “In an extreme scenario, shadow analytics can reveal customer, employee, or proprietary data to bad actors, resulting in significant damage to the brand and exposing the business to unplanned liability,” Karan warns. In regulated industries, fines and enforcement actions related to shadow analytics can significantly impact both the top and bottom lines.
Another problem posed by shadow IT is the likelihood of unoptimized analytic workloads. “Even if multiple departments gather and transform data for analytics the same way, which is often not the case, labor and human capital costs are wasted,” Mottram explains. “Additionally, the cultural shift to becoming an analytics-driven company is severely impacted or becomes impossible to achieve.”
To nip shadow analytics in the bud, enterprises should consider deploying monitoring tools that can effectively detect and identify unauthorized access to centralized data. “It’s much harder to detect shadow analytics on data that isn’t managed by IT,” Williams says. “In those cases, you would have to track it down through a review of expenditures.”
Risk and compliance teams can use data loss prevention (DLP) tools to keep shadow analytics solutions from being shared outside the organization. “Within the organization, robust and automated data governance tools can help highlight data breaches or false positives through internal email exchanges,” Apshankar says.
Apshankar believes that the best way to tackle shadow analytics is by strengthening trust between IT and business units. “Business units should view IT as an enabler, not a blocker,” he says. “IT should also understand the importance of business requirements and not push tech KPIs over revenue generating KPIs.”
To effectively block shadow analytics, enterprises should address the root cause. “There’s one consistent factor that allows shadow teams to proliferate -- a lack of strong partnership between IT data departments and business functions,” Karan says. He notes that a common message he hears from the business leaders is that IT is frequently unable to provide access to the data they need to run operations or make decisions. There’s also sometimes concern that data isn’t available at the speed or frequency business teams require. “From the IT team, I hear that that business is unclear about their requirements, or that business doesn’t know what it wants.” A strong, friendly partnership is the best way to bring both sides together, Karan says.
Despite its bad reputation, shadow analytics should never be completely stopped, Williams says. “It should be managed by making it comply with governance and security requirements while meeting responsible FinOps,” he advises.
About the Author(s)
You May Also Like