The Shadow Knows: A look at the benefits and risks of Shadow IT

  • Post author:

The intersection of mobile technology tools—pretty much every employee these days has a smartphone, laptop and tablet—with business apps has contributed to the phenomenon known as Shadow IT. As its mysterious name implies, executives are using personal productivity tools for work purposes, often without organizational approval, resulting in a murky flow of unofficial, uncontrolled data. IT, for the most part, is in the dark about this usage.

The positive side of these developments is less reliance on IT and associated programming resources and time. Business units and executives are empowered to find cost-efficient and much faster ways to do their jobs, without waiting for IT to fulfill their needs. As the iPhone demonstrated, millions of apps are there for taking—easily and inexpensively. Not surprisingly, executives want their business productivity tools to be as simple and efficient as the other apps they have running on their mobile phones.

This is a good thing, too: For many years, IT has been a powerful fiefdom within enterprises. Major technology initiatives like CRM, ERP and HRMS system implementations insisted on a level of trust and dependence on IT to pull off the task effectively, quickly and without breaking the bank. This reliance also extended to the vendors providing the on-premises software. But, in our cloud-based, mobile world, the old ways of buying and using technology seem increasingly hidebound.

As one CIO recently expressed to me, “We’ve had a traditional in-house ERP system running on the same version with no new features for 11 years, when we finally got an upgrade that cost us $11 million. And this was a technical upgrade, not a process reengineering where we could take advantage of new functionality. Why wait around when there is this new super-rapid way of innovation?

Indeed, if IT units and software vendors cannot deliver the goods as fast as executives need them, and business apps are there for the plucking, then pluck away. But, carefully and collaboratively—with IT, not behind its back. Why? Well, if IT is not aware of the tools and does not support them, compliance with Sarbanes-Oxley and other regulatory initiatives including Basel II, PCI, IFRS and HIPAA is threatened. Another challenge is the lack of centralized management of these apps and their integration with enterprise data. Cost efficiencies can be squandered if different people and units are using the same technology and not leveraging volume-based discounts or a central data repository.

While many organizations support BYOD—Bring Your Own Device (to work) initiatives—and understand that employees use Shadow IT because they think there is no other way to get the data they need to perform their tasks, protocols must be established to address the security risks, version control issues, data consistency problems and wasted investments. In this regard, it behooves CFOs, to whom IT increasingly reports, to work closely with CIOs to understand what these risks are and how they can be mitigated.

Leave a Reply