Shadow IT is often viewed as something that opens up businesses to data and security threats, leaving IT without control over business apps and services. But that attitude is changing as more businesses adopt a friendly attitude towards unconventional IT practices.
"Some CIOs certainly see 'shadow' IT as a negative, hence the less flattering terms 'feral' or 'rogue' IT, but more progressive CIOs know that, given today's technology and the increasing savvy of the business, it's in their best interest to embrace shadow IT," says Tracy Cashman, senior vice president and partner of WinterWyman Executive Search.
Cashman says it's time for IT to embrace the fact that they can't control everything and instead, help drive innovation around IT practices so that they align with the modern reality of technology. It's about empowering users because otherwise, they'll go around IT and download the software they want to use anyway.
[ Related story: CIO's seat on board reflects IT's move to agile, DevOps ]
Reactions to shadow IT vary
Embracing shadow IT can actually benefit your company and your employees, but according to Martin Johnson, senior director of Cloud Product Marketing at Blue Coat, attitudes around shadow IT will likely change depending on who you talk to.
Employees at smaller business units don't necessarily consider the negatives of adopting new software without IT's knowledge. Rather, they see it as a faster and more efficient way to increase productivity and alleviate redundant tasks. For example, your workers might opt for a third-party cloud service over an internal network, so they can access files across devices or on the go, which leaves IT largely out of the loop, but makes their work lives easier.
IT, on the other hand, views it as a "security risk," according to Johnson, but notes that IT departments also understand the importance of remaining on top of the latest technology trends. They don't want to fall behind the times, but they also need to balance security risks with supplying employees with the tools they need to be effective.
On the C-suite level, opinions are often mixed and attitudes around shadow IT can vary depending on the executive and industry. "Cloud savvy organizations recognize that cloud must be adopted for its business enablement benefits if the risks can be mitigated. Those in more traditional or compliance heavy industries, however, can still be hesitant to embrace the cloud - including both sanctioned apps and shadow IT," says Johnson.
[ Related story: How to embrace the benefits of shadow IT ]
One of the problems with shadow IT, from a business perspective, is that if you don't know what software is currently in use, it can lead to embarrassing customer relations. For example, Cashman says if you have a bunch of apps and systems in place that can't speak to one another - because IT doesn't know about them - you might find customers receiving multiple invoices or the same email three times from three different people. Ultimately, that can affect a customer's desire to continue doing business with you.
Alternatively, if your employees feel comfortable going to IT with software they'd like to install, IT can keep a running list to evaluate each request and check if another department is using something similar, or if there's already an approved software that can get the job done.
"IT can help provide that integration and oversight and make sure everyone is working from the same playbook and give the customer a seamless experience. IT also may have more ability to negotiate competitive pricing if they have worked with multiple vendors or know exactly what modules and functionality are needed," says Cashman.
Shadow IT a budgetary issue
A lot of the focus hovers around security risks, and employees who just don't know any better. But there's another aspect to shadow IT that directly impacts the bottom line of your company. As Johnson points out, if you have multiple employees and departments, all running different third-party services - many of which probably do the same thing - then your company is probably wasting money.
"Paying for multiple accounts of the same cloud service, or for multiple services with similar functionality that have been adopted in isolation by different departments can quickly add up," he says.
While it's important to know every program your employees are using for work, it's more than just knowing what lies outside of your control. It's about "maintaining visibility and control over all applications," according to Johnson, and avoiding potentially expensive redundancies.
And the answer might lie in educating your employees, says Johnson. Today's workers are so accustomed to using apps across their smartphones, tablets and notebooks that they carry that attitude over to work. It's likely they don't really understand the implications of enterprise security, and why it might not be a great idea to upload sensitive data to a third-party server.
One of the biggest impacts of shadow IT on traditional IT departments comes in the form of future planning. More than ever before, IT leaders need to be on top of the latest software, and need to have an understanding of how the latest favored apps will affect the business.
"Cloud apps and services have completely changed our notion of the corporate network and IT planning. No longer are applications adopted solely by IT and protected behind a battery of IT controlled perimeter defenses such as firewalls and IPS, nor are they used solely by employees within the company network," says Johnson.
Johnson says IT workers need to plan for the future by not only educating themselves on the wide array of available apps and services, but by educating employees on the risks as well. "If IT simply becomes the department of 'no', employees will find a way around it. Instead, IT needs to become the department of 'Yes, as long as company security requirements are met'," he says.
Find a balance
Cashman says that when it comes to embracing shadow IT, it boils down to finding the right balance for your specific company and industry. You want your business to stay competitive and innovative, but security and compliance are just as important. IT leaders need to get creative in how they approach shadow IT - because just like BYOD, it's not going anywhere anytime soon.
Part of embracing innovation comes from instilling a sense of trust in your employees - you want them to feel like they can come to you with creative ideas without automatically hearing "no." Cashman even recommends having a team from the business side who can act as a liaison with the IT department, advocating for new ideas and helping to develop a company-wide process for implementing new apps and services.
"IT almost has to be an internal consulting firm for the company. They need to listen to what the business thinks it needs, and then sometimes redefine that to what the business actually needs," says Cashman.