Shadow IT is a growing menace—an insidious covert activity undermining a CIO’s ability to run an efficient, safe and coordinated IT department.
It’s also may be the best thing that ever happened to a CIO.
The rampant use of business-oriented applications in the cloud by employees to increase their efficiency and productivity is a clarion call to IT leaders: “This company’s technology is so old, clumsy and stitched together that I’m going to make it look like I’m using it, but I’m really working my smartphone’s apps under the desk.”
In fact, all the tools a businessperson needs to manage daily tasks can be found on that smartphone. This is thanks to cloud providers like Netsuite and Salesforce; file sharing sites like Dropbox and Box; and social media sites like Yammer.
The Wild West
No one is admitting any of this to CIOs, but most of them know. This amounts to tacit permission of use, and the problem with that is no one is in control. Indeed, IDC Senior Research Analyst Mark Yates describes today’s business environment as the Wild West, with employees doing whatever they want, technologically speaking, in the lawless land of shadow IT.
“For most IT organizations, resistance is futile,” said Simon Mingay, vice president of research at research consulting firm Gartner. “Better to embrace it and acknowledge that employee IT and digital skills in the increasingly digital workplace are an opportunity to innovate and create more value from IT and digital investments.” He’s right, of course. Shadow IT reaps a corporate bounty in lower IT costs, increased flexibility, speedier task completion and a lot less hassle from IT. But, Yates argues, companies end up paying dearly for these perceived benefits: No centralized IT oversight fortifies organizational silos, impeding cross-functional collaboration and increasing security risks.
The latter concern resonates. Few employees tap into an app like Dropbox thinking about the risk of the organization’s proprietary data and personally identifiable information falling into the wrong hands and unleashing a maelstrom of regulatory fines, consumer and business distrust, and reputational damage. They just want to quickly sync and transfer their files.
Is there a way to permit the freedom of shadow IT and corral rogue users into a cohesive team of employees partnering with IT in a shared mission? A good start would be to rebrand shadow IT, since it isn’t really in the shadows. Everyone knows it’s there, lurking down office corridors (and in our pockets).
Rather than try to eradicate shadow IT, let’s rename it “dispersed IT,” since everyone has a piece of it.
Secondly, let’s shine a light on its particular usage, to illuminate the business-IT disconnect fueling our reliance on it. Efforts should focus on ways to bridge this gap by managing it. In this quest, the CIO becomes the uber appmeister, a company’s internal IT consultant orchestrating the use of cloud-based tools in concert with internal IT systems.
Mingay further advised that CIOs adapt and change the nature of the IT engagement, “to bring shadow IT out of the shadows, make it transparent, provide services that support it.” Out in the light, the role of IT adapts to one of “managing the critical and complex enterprise solutions, while guiding, nudging and shepherding elsewhere,” he added.
Once the vulnerabilities giving rise to shadow IT are identified, the CIO needs to have a frank talk with the business function or unit whose employees are heavy users. Why do these users circumvent IT? How can we work together to fix the problem? How can we get users to come out of the shadows and participate in standardized IT-led processes without taking a hammer to their productivity?
Rules are not the answer. Policies punishing the use of third-party apps will push rogue users deeper into the darkness. Instead, IT should have candid conversations with employees about why they are using certain apps, and pave the way toward a mutually viable arrangement. Then IT can assume the role of broker—an intermediary between users and their apps—that handles security, compliance and overall alignment with business strategy.
With these solutions in place, “dispersed IT” can work for everyone.
This article was originally published by Forbes.