Name an organization, large or small, and that organization has experienced the rise of Shadow IT. You’d be naive to think otherwise. Shadow IT is not an overnight problem either. The rapid pace in which it came on the radar of IT leaders is a result of our cloud and app hungry society.
“Let’s clear some things up, what is an example is shadow IT?”
It’s the unauthorized IT environment that grows when employees bring technology into your organization without IT’s permission—or even knowledge.
Shadow IT has largely been driven by the consumerization of IT. Employees have grown accustomed to instant, and often free, gratification of technology in their personal lives. Settling for processes and protocols often make users frustrated by IT’s cautiousness and slow response to requests. This often leads to them taking matters into their own hands.
Additionally, the cloud has been a huge contributor to shadow IT, as it empowers workers to use their own mobile devices (smartphones, tablets, and laptops) to access software-as-a-service (SaaS) apps from the Internet. In fact, the combination of cloud and mobile has proven to be the perfect environment for nurturing shadow IT. You know, most bad things fester in dark places! And not just individual users, but entire line-of-business organizations within the enterprise are deploying technologies that fall outside IT’s purview, in search of tools that will help them respond to markets faster. This introduces numerous issues for IT including the increased risk due to lack of awareness of vulnerable applications.
Your decision on what to do about shadow IT will impact your users, your budget, your operations, and the security of your business. And you can’t afford to ignore shadow IT any longer. Too much is at stake. Per Gartner’s Richard Gordon, “today 30% of technology spending occurs outside of IT’s control. Within the next few years, that will rise to 50%. A lot of those dollars are disappearing into the shadows. But no mistake about it, shadow IT makes your organization vulnerable.
As we see it, you are left with 3 options for how you will handle shadow IT.
Option 1: Eliminate It
- Not surprisingly, the first reaction of most CIOs is to shut it down. Still, that can be harder than you might think. There will always be users who go rogue, circumvent the rules, and try to sneak in the technology they believe makes their jobs easier. Convenience always trumps compliance in the eyes of users.
Option 2: Coexist with it
- On the other hand, shadow IT has a lot of merits. When your users get to choose their devices and their apps, they can be more productive. They adopt the latest technologies faster than IT ever could, and drive innovation from within line-of business organizations, agilely responding to market shifts. That’s why, after initially attempting to shut it down, many CIOs have decided that they—and their organizations—can benefit by coexisting or even embracing shadow IT.
Option 3: Embrace It
- Visibility into the shadows is key. And you need a network that is simple enough, secure enough, and scalable enough to control the shadows. Shadow IT can help users become more productive, more agile, and help you provide improved services. By having an ecosystem that provides security across the entire network footprint, you can find more synergy between your users, and your IT team. To embrace Shadow IT, open up lines of communication within departments and develop a mechanism that allows employees to open up about tools they use and why.
The very first place to start is by assessing your shadow IT risk factors. You may discover to find enterprise data scattered through hundreds of unsupervised apps and perhaps thousands of uncontrolled devices. This introduces PCI, HIPAA, and many other compliance red flags because of the shadow IT world. As an IT advisor to hundreds of companies, we offer many paths to address shadow IT from different angles.