Shadow IT – employees individually or collectively relying on unmanaged devices, sourcing their own mobile apps and cloud services, and creating their own technology workflows has become a major source of concern for many IT departments.
Shadow IT presents a range of challenges for IT:
- It makes it difficult or impossible to effectively secure corporate data as it moves to personal devices and cloud services.
- It prevents visibility into how technology is being used.
- It can create support issues when users need to contact the help desk about issues related to unapproved tools.
- It encourages technology decisions, including the sourcing and procurement of solutions for large groups of users or entire departments, to be made without IT’s knowledge or involvement.
These are all big concerns and have inspired numerous articles, blog posts, and discussions about the dangers of shadow IT and how to prevent or block it. Most of these discussions focus on the technical issues and solutions, and universally couch shadow IT as a complete negative – something that must be stamped out.
The problem with this view, understandable though it is, is that it misses the underlying cause of shadow IT – that the tools IT is providing users aren’t doing what they need.
There are plenty of reasons why those tools may not be effective. They may be limited by rigid security policies. They may be designed solely for desktop use. They may be inefficient. They may be cumbersome or difficult to navigate. They may not work outside the corporate network. They may feature a poorly designed user interface or deliver a bad user experience. Or they may not allow enough collaboration opportunities. Whatever it is, there is something that is blocking workers from being able to get their jobs done as easily or efficiently as they can through other means.
Rather than trying to stamp out shadow IT, which is practically impossible since users will almost certainly find a way around whatever blocks IT imposes, CIOs should see shadow IT as an opportunity. It’s an opportunity in the sense that it highlights, often very clearly, where something isn’t working for people. Instead of trying to wage war against people who are trying to do their jobs as best they can – something that will appear as punitive and unjustified to those people – a more forward thinking and long term approach is to engage them, understand their needs, and work to resolve the issue in a way that works for them and for IT.
This doesn’t mean letting shadow IT go unchecked. Quite the opposite. It means understanding the source of the problem and establishing a dialogue. The ideal result is that the source is identified and IT can respond in one of three ways. The first is by providing or improving the tools in question and thus resolving the issue. The second is finding a way to support and secure the tools currently being used in an unmanaged state. The third, if neither of those is a viable option, is by sourcing alternative tools that can be managed and secured but deliver the same functionality and user experience.
Even if none of these are immediately possible, the dialogue and the sense that IT is trying to help is valuable as it engenders trust and helps develop a working relationship instead of a sense of hostility. That relationship could easily pay dividends down the road in terms of developing solutions more in line with the needs of employees, creating self-service solutions, and encouraging peer-support operations that are coordinated with IT. It also offers the chance to have a real dialogue with the users involved about the very real security challenges that exist with whatever specific tools – devices, apps, or services – that they are using, which will likely encourage them to keep security in mind going forward.
Taking shadow IT as constructive criticism and responding in a constructive fashion enables a CIO to align IT much more closely with business needs. It creates a better relationship with business units, allows IT to drive more value to the rest of an organization, and it provides a mechanism to truly resolve the underlying issues that create shadow IT in the first place.