by Jeffrey Bannister

How to harness the power of shadow IT

Aug 15, 2017
CIOIT Leadership

The business risks posed by Shadow IT are very real. But, when properly managed, so are its benefits.

Shine a spotlight on shadow IT and prosper keyboard programmer hands

CIOs today face a unique HR-related challenge: Not only to recruit and retain the best possible talent, but also to deal with the technological expectations of an entire organization’s employees, when some of those employees were born in an era before color televisions, while others have grown up with smartphones and laptops as staples of daily life.

The modern workforce is comprised of five generations, from near-retirement Traditionalists born in the 1940s to the young adults of Generation Z just now entering the professional world. In the decades constituting this wide age gap, the accessibility of digital technologies has increased exponentially, as has the digital experience of end users. The younger generations, especially, expect technology and applications at work to be as fast, agile, and flexible as those at home. When users do not feel their needs are being fulfilled by IT departments that are either too slow to innovate or simply limited by multi-year investment cycles that make any implementation look dated, they find solutions outside the organization in third-party applications and platforms.

Broad availability of business-friendly software as a service (SaaS) solutions and simple-to-deploy cloud computing environments have led to unprecedented growth in non-IT department technology spending, sometimes described as Shadow IT. By purchasing this technology without IT’s approval or coordination, employees incur risks, but can also position their organization to enjoy certain benefits.

Consequences of Shadow IT

Shadow IT, the use of non-native IT systems and platforms without explicit organizational approval, is undeniably prevalent. A study conducted by NTT Communications in 2016 found that 78 percent of business decision makers will admit that employees in their department are using cloud services without the knowledge of the IT department. Of 500 IT and business decision makers surveyed across the E.U., 83 percent of respondents believe Shadow IT will increase in frequency over the next two years.

The risks are real. Storing data on unauthorized platforms, for instance, not only puts sensitive information at risk of being stolen, it also may violate compliance laws like HIPAA and the Sarbanes-Oxley Act in the U.S. or the General Data Protection Regulation in the E.U. Shadow IT may cost large amounts of money for organizations that unwittingly purchase two or more applications that perform the same general service. Cross-platform incompatibility can also waste time and exacerbate user frustrations with an organization’s own information technology. 

For all its drawbacks, however, Shadow IT is not inherently negative. In fact, Shadow IT that is embraced by a motivated IT department can be an important element in an organization’s digital transformation, opening it to new processes, platforms, and applications.

The existence of Shadow IT shows employees’ growing comfort with digital technologies, as well as a desire to interface with new solutions. It often highlights weak spots in current IT infrastructure, and fosters a sense of autonomy and freedom to innovate amongst departments willing to seek out solutions on their own. As long as IT has adequate oversight and is equipped to manage the problems that Shadow IT presents, the issue in many cases can be leveraged into a positive for any organization with the right mindset.

Transformation of IT

Harnessing the power of Shadow IT requires multilayered management by an IT department empowered to create change in an organization. Consider these three approaches to transformation:

1. Become a policymaker

Making the right technology decisions first requires good information and accurate data. To bring Shadow IT into the light, CIOs could grant amnesty to end users in exchange for login credentials. (In our study, 70 percent of business decision makers say their departments would freely relinquish control of their cloud accounts). Then through a tool such as NTT Com’s Cloud Management Platform (CMP), they could examine these alternative digital solutions, determine why and how they were being used and either incorporate them or grow the company’s IT landscape in other ways. Assumed in this scenario is a corporate culture open to change, an executive team that includes IT, and CIOs with the power to make and implement policy.

2. Become an educator

Given how easy public cloud and SaaS solutions are to use, end users can be lulled into believing themselves more tech-savvy than is the case. Explaining security risks and other downsides of popular solutions requires the tact and skill of a good teacher. Employees and departments also are likely to turn to Shadow IT solutions when they are unaware that IT-vetted alternatives are available, and possibly even better than non-authorized tools. The more effective IT can be at training, educating and informing an organization, the less likely Shadow IT is to become an issue in the first place.

3. Become a co-creator

In the legacy model, tasked with maintenance and trouble-shooting, IT departments were ill-equipped to meet rising expectations for additional services. Yet by constantly rejecting or delaying requests, IT often became what we dubbed in our study as the ‘Ministry of No,’ leading ‘the People,’ or disenchanted employees, to turn outside the organization for their digital solutions. To shift into a co-creator mode, IT should consider creating space for itself by smart outsourcing, engaging with end users through education and information sharing (see above), and obtaining employee buy-in to invest in the best-fitting technologies.

The future of Shadow IT

As indicated in our survey, the use of Shadow IT is not in decline; nor is the IT department itself entirely exempt from this trend.

NTT Com found that to be the case through our engagement with a software firm that creates complex back-office platforms. During an extensive RFP process to select a partner to consolidate its data centers and deliver a single managed service platform, the company put a change freeze in place and a pause on all related investments. Pressured to continue developing software, however, the IT department began consuming other platforms outside of the visibility of the firm.

Selected to work with this firm, our team soon uncovered the extent of its use of Shadow IT. Through an amnesty program and the use of our discovery tools, the firm gained complete visibility of platforms being used outside of its approval. In doing so, together we took steps to reduce risks and gained insight into the IT department’s developments, rather than stopping them altogether.

This example suggests a truth: Shadow IT is often a byproduct of constraints. Younger employees, in particular, may chafe at having to lower their expectations. Understood as a symptom, the occurrence of Shadow IT can be both warning light and catalyst for change. CIOs that hope to harness the power of Shadow IT as a force for good should gather data on its use to help shape future policies and technology decisions, find ways to communicate its risks and the benefits of any existing alternatives, and position their teams as in-house enablers of innovation.