Shadow IT: 8 Ways To Cope - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
IT Leadership // IT Strategy
News
3/18/2015
06:10 PM
Connect Directly
Twitter
LinkedIn
Google+
RSS
E-Mail
100%
0%

Shadow IT: 8 Ways To Cope

If you're sick and tired of Shadow IT in your organization, you're not alone. Here are some coping mechanisms to help you get a handle on things.
Previous
1 of 11
Next

(Image: LoggaWiggler via Pixabay)

(Image: LoggaWiggler via Pixabay)

If your employees and business departments are bypassing internal IT resources to acquire their own systems, software, and other technologies without your explicit permission, take heart: You are not alone.

For many organizations, so-called Shadow IT grew out of pure necessity, as increasingly tech-savvy employees sought out their own solutions to specific line-of-business problems.

Some of you may remember a time when IT departments had the ability to fully control and dictate almost all the technology decisions made within an organization. Over the years, that vice-like grip has loosened considerably. There are multiple reasons that this has happened. For one, new technologies come to market at an alarming rate. Oftentimes, the latest and greatest is immediately seen as valuable by a particular business unit. Most IT organizations are not structured to offer new IT solutions at such a rapid pace.

Secondly, the Bring Your Own Device (BYOD) phenomenon that has hit enterprises in recent years created a new way for employees to make their own choices about the mobile hardware and software they are using for business purposes. Lastly, cloud computing and related SaaS and PaaS applications have created a new avenue for employees and entire departments to easily circumvent internal IT.

All too often, we hear of in-house IT personnel being completely in the dark about what's happening with technology in their own organizations.

Your natural instinct might be to try and clamp down on Shadow IT because you see it as a threat to your career. Rather than fight it, it's high time that IT decision-makers admit our shortcomings and learn to address the reasons that Shadow IT has cropped up in the first place. Your department no longer holds all the cards in terms of servers, endpoint devices, or applications being used in your enterprise. At the same time, there are plenty of ways to change the how the IT department operates, so that you can better address business needs. Doing so might reduce -- and possibly even eliminate -- shadow IT altogether.

In the long run, you might think Shadow IT is a terrible idea. While short-term gains can be achieved, it leaves the entire organization at risk. Take an audit, and you'll likely find duplicated technologies, security risks, inefficiencies, lack of expandability, and an overall loss of a strategic IT roadmap moving forward.

On the following pages, we give you eight ways for IT to cope with the individuals and departments that practice Shadow IT. These coping methods can help you accomplish the following:

  • Identify weaknesses within IT that caused the need for Shadow IT in the first place.
  • Reestablish relationships with departments and individuals that regard the IT department as a hindrance to their job.
  • Reinstitute the IT department as the single gatekeeper for technology solutions in the workplace.

If you’re sick and tired of shadow IT, share your pain and let us know whether you think these coping mechanisms will help you. Do you have additional suggestions, or stories on how you handled a recent shadow IT issue? Tell us all about it in the comments section below.

Andrew has well over a decade of enterprise networking under his belt through his consulting practice, which specializes in enterprise network architectures and datacenter build-outs and prior experience at organizations such as State Farm Insurance, United Airlines and the ... View Full Bio

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Previous
1 of 11
Next
Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
Page 1 / 3   >   >>
Broadway0474
100%
0%
Broadway0474,
User Rank: Ninja
3/18/2015 | 11:01:04 PM
Like points 1 and 2
Andrew, great post. I like the idea of these tips, specifically points 1 and 2 --- to ID why Shadow IT came about in the first place and how to fix those reasons/mend fences with disaffected employees. But as for reinstating IT as the sole tech gatekeeper, I think the animals are out of the barn (is that the saying?). I think the analogy is when a state/government loses the monopoly on force in a country. To reinstate that, it takes coersion. I don't think most IT departments have that in them, and I don't think modern workforces and enterprises would put up with it.
Andrew Froehlich
100%
0%
Andrew Froehlich,
User Rank: Moderator
3/19/2015 | 10:34:17 AM
Re: Like points 1 and 2
@Broadway0474 - You could very well be correct about IT never retaining their sole gatekeeper status for all things technology. But the idea should be to try and reclaim as much of that gatekeeper status as possible. Thanks for the comment!
Tony A
0%
100%
Tony A,
User Rank: Moderator
3/19/2015 | 11:50:45 AM
Where Should I Begin...
I think I will begin by mentioning that I wish IW would default their Comments editor to a font that I can actually see without a microscope. So I apologize for any typos but I literally cannot see the individual letters in this (6 pt?) font. (Maybe I should write it in Word and paste it here? Next time...) It would also be nice if I could see the original post while commenting, which I can do on numerous other sites where I sometimes post comments.

What this post sounds like to me is about 8 parts laundry list of ways to make IT review, procurement and development more efficient, and 2 parts despair at the fact that today's iPad is more powerful than some older mainframes. Making the IT review process more efficient is a good thing in and of itself, as is a more pro-active IT shop, keeping up with the latest greatest technology, and other suggestions. None of this has much to do with the issue of Shadow IT, which is going to come about for various reasons (egos, pressure, ignorance, etc.) no matter whether you are a CMM Level 1 or Level 5 organization.

Buried in your recommendations and generally liberal attitude towards the phenomenon you are allegedly recommending solutions to are a number of false assumptions, all of which tell me that you don't really understand why the problem is a problem in the first place.

The first assumption is see is that "shadow IT" projects stand more than a remote chance of being successful. My long experience in a large IT shop tells me that that is a critical mistake. THe vast majority of such projects entail an enormous waste of money and human resources as amateur, self-styled IT directors try to convince themselves that they actually know how to run an IT project. Many of them never even get off the ground, and the ones that do are usually kludgey at best.

The second assumption is that such projects, even when they are semi-successful, are well validated approaches to getting the functionality that the users want. The inability of individual departments to reasonably evaluate the possible approaches to a problem and choose the best one means that they are more than likely to choose something that is neither cost efficient, nor optimal from many other points of view (integration, security, support, etc.). They can be sold a bill of goods by a vendor or a consultant because they have no real experience doing this sort of thing and then they are locked in.

The third and possiobly biggest and worst assumption is that the "shadow IT" project remains a shadow IT project. On the contrary, the one or two developers who were hired move on, the vendor disappears, or the COTS product fails to keep up with changes in the corporate IT infrastructure, etc. etc. etc. and before you know it you get a call from the department - "Hey, we've got this mission critical applicattion and nobody to support it, can you do it?" (Sure we can do it - just give us the headcount and funding stream you were using to pay for it outside the IT budget and we'll be happy to oblige!)

This leads to a fourth assumption (I guess I'll stop after this, though I could go on at length) which is that shadow IT department, trying to sneak around the IT portfolio and project management and review process, has even bothered to consider whether their plunge into some rogue project is in the best interests of the organization as a whole in terms of (a) project prioritzation (b) allocation of corporate IT resources (c) network security (d) systems integration or (e) many other things such as privacy, compliance with corporate or government regulations, etc. Not that the department is even in a position to consider these global corporate (or agency-wide) issues if they had an iota of concern about them.

Well I said I would stop but... fifth, since you seem to be concerned with the efficientcy of the IT process, what sort of efficiency is implied when you have developers and/or consultants working in a finance or personnel or marketing department, isolated from the body of expertise and access to resources gathered in the IT shop, which may include not only multiple types of application development strategies, but server and db management methods, imaging systems, scanning and QA procedures, file transfer methods, print pools, and mobile device management strategies? The answer is zero efficiency, and in fact, potential risk to the entire organization.

So, sorry Andrew, but I think your ideas and attitudes about this are very wrongheaded. They suggest you do not have enough experience managing IT for a major institution to make the judgments you are presenting here. No doubt there are isolated instances in which a shadow IT group comes up with a good idea and carries it out successfully in a way that does not negatively impact the organization, integrates well with corporate infrastructure and remains an asset rather than becoming a future burden to IT, which could not have done it better and with fewer resources had they been approached. Did I say no doubt? Well, some doubt.... but even if there are such cases, they are the small minority and do not make any argument for embracing shadow IT projects in the way you recommend. As I said, a more efficient IT review process is a good thing in itself, but it will most likely mean that the vast majority of those shadow projects are rejected as ill-conceived in the first place.
Somedude8
100%
0%
Somedude8,
User Rank: Ninja
3/19/2015 | 12:03:49 PM
Guess it depends on the industry
I worked a lot in finance, and have seen everything from users emailing each other NACHA files (no encryption or anything) with thousands of account numbers, to putting account information on personal dropbox accounts.

Best reason I heard was something like "Well, when I tried to upload it with our utility, it said the file had a bunch of errors, so I had to email it."
D. Henschen
100%
0%
D. Henschen,
User Rank: Author
3/19/2015 | 12:57:21 PM
All great, timeless advice, but why is it so hard?
Not to take anything away from all these great points of advice, but it seems like we've been hearing many of them for years. Speed evals and implementations? Be proactive and get involved with the business? If IT hasn't heeded this advice by now, it's probably suffering from more pervasive cultural issues that are blunting its effectiveness on multiple fronts. I think the companion peice here should be on how IT can cultivate a culture of innovation.
Stratustician
100%
0%
Stratustician,
User Rank: Ninja
3/19/2015 | 2:47:15 PM
Re: All great, timeless advice, but why is it so hard?
I agree.  I think a lot of this comes from frustrations that often IT really isn't in charge of some of these projects.  We all know that IT decisions when it comes to looking at a new solution or new vendor has a lot of personal agendas involved.  This can adversly affect how the department operates and can lead to a lot of behaviour such as circumventing standardization, using less-than secure tools, or simply resulting in a culture of avoidance of projects.  I think the key is that there are lots of opportunities to turn "Shadow IT" projects into mainstream, adopted projects, it just means that the right measures are in place to identify these projects and ensure that they are integrated into the overall IT plan to reduce risks.
Andrew Froehlich
100%
0%
Andrew Froehlich,
User Rank: Moderator
3/19/2015 | 7:13:20 PM
Re: Where Should I Begin...

@Tony A.  Thanks for your comments. I think we differ on "why" shadow IT came to be. You stated several reasons such as egos, pressure and ignorance. All forces outside of the IT department. In my opinion, shadow IT cropped up because of IT's unwillingness -- or inability to shift toward a culture where many people outside of IT actually know a thing or two about technology and have the ability to do it on their own.  With today's tools like SaaS, many shadow IT projects can and are successful. 

Andrew Froehlich
100%
0%
Andrew Froehlich,
User Rank: Moderator
3/19/2015 | 7:17:28 PM
Re: All great, timeless advice, but why is it so hard?
@Stratustician -- great point about "personal adgendas". That indeed can be a huge problem...both inside and outside of IT. And I agree. I've seen shadow IT project become absorbed by IT by wrapping controls around them. Was it the easiest path? No. But it worked.
Stratustician
100%
0%
Stratustician,
User Rank: Ninja
3/19/2015 | 7:31:18 PM
Re: All great, timeless advice, but why is it so hard?
And that's all that matters. It works, and honestly now that we have new IT blood of folks who are growing up with a new set of technical skills, we're going to see some really creative new approaches towards business enablement.
Broadway0474
100%
0%
Broadway0474,
User Rank: Ninja
3/20/2015 | 12:17:01 AM
Re: All great, timeless advice, but why is it so hard?
Stratustician, is this new young blood IT in charge, though? They may have the training and be native in mobile, SaaS and other 21st century tools, but if they're not the ones making decisions, does that matter?
Page 1 / 3   >   >>
Slideshows
10 Ways to Prepare Your IT Organization for the Next Crisis
Cynthia Harvey, Freelance Journalist, InformationWeek,  5/20/2020
News
IT Spending Forecast: Unfortunately, It's Going to Hurt
Jessica Davis, Senior Editor, Enterprise Apps,  5/15/2020
Commentary
Helping Developers and Enterprises Answer the Skills Dilemma
Joao-Pierre S. Ruth, Senior Writer,  5/19/2020
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
Key to Cloud Success: The Right Management
This IT Trend highlights some of the steps IT teams can take to keep their cloud environments running in a safe, efficient manner.
Slideshows
Flash Poll