The terms shadow IT conjures up negative images in the minds of most IT organizations. Yet non-IT enterprise functions and lines of business are buying more of their own IT systems than ever before, particularly product, operations and external customer-facing groups and highly dynamic services areas. “As business functions seek to realize the benefits from these non-traditional channels of IT enablement, the shadow IT organizations are growing aggressively in order to help orchestrate and aggregate services into business consumable offerings,” says Craig Wright, managing director of outsourcing and technology consultancy Pace Harmon.
[ Related: 4 ways to apply SLAs to shadow IT ]
Shadow IT is not necessarily a threat to the IT organization. In fact, it can be an effective way to meet changing business needs and create a greater understanding between IT and the business. But IT leaders must do a better job of identifying, assessing and managing these once stealth systems to both manage their risk and reap their benefits. CIO.com talked to Wright about how IT organizations should rethink their relationship with this realm of IT systems.
CIO.com: The term is largely a pejorative in IT groups—or used to be. What are the legitimate reasons for concern about shadow IT?
Craig Wright, managing director of outsourcing and technology consultancy Pace Harmon: Shadow IT has traditionally had negative connotations for IT groups as it is often perceived as a serious threat to the continued existence of IT as a function.
Many IT organizations have evolved over time, morphing to accommodate major transformation projects such as ERP implementations AND refreshes, re-platforming from legacy technologies to current day solutions, and extending or contracting based on mergers, acquisitions, and divestitures. As a result, the size, shape and composition of the traditional IT organization is often as confusing and complex as the myriad of technologies that are woven together into a tapestry of IT solutions that are constantly challenged to keep up with business needs.
Contrast that dynamic with shadow IT, which is often set up by the business for the business, very well aligned with the affordability and competitive demands of the business, is easily understood as it aligns perfectly with the business functions OR products, embraces the latest and greatest technologies via SaaS, PaaS, IaaS, and other consumption-based models, and is agile by design—not as a costly retrofit.
While shadow IT often appears to win over the traditional IT group, this is not the case where organizations have legitimate concerns in major technology areas, such as:
- The ability to scale to deliver and support enterprise-wide solutions
- Conformance with regulatory and quality requirements, particularly where design, construction, installation, operation, or performance [is auditable]
- The continued use and integration of legacy platforms where there is no as-a-service alternative and down and dirty IT programming skills are required
- The need to address the corner cases where there is no real business case, but there is an absolute technology-driven need to address obsolescence, vulnerabilities, customization, or localization requirements
CIO.com: So what’s the upside—not just for the business, but also for the IT organization itself?
Wright:Shadow IT demystifies IT. It is a trusted model, relatively inexpensive, and established along operating principles that are clear and obvious for consumers. Enterprise users of IT often have difficulties understanding the terminology and definitions of services used by IT and are even more puzzled by the costs and time to achieve desired outcomes. IT functions that recognize the value of bringing shadow IT under the IT umbrella are viewed by the business as being less intimidating and much more business intimate.
CIO.com: How can IT leaders best identify and recognize shadow IT?
Wright: By its very nature shadow IT has low visibility and takes time and effort to separate out from the business functions it is woven into. IT leaders may only become aware of it when an incident occurs or an audit or security investigation identifies a new data or security vulnerability. Working with business stakeholders is the real key to identifying the existence and value of shadow IT, as well as how best to harness it.
How can IT leaders best harness the benefits that shadow IT has injected into the business?
In addition to the establishment of SLAs, IT can harness benefits from shadow IT by:
- De-jargoning IT so a consumer of IT services can specify their needs in plain speak to achieve a clear business outcome. They shouldn’t need to know anything about IT technologies, how they are provisioned, or which provider is delivering them.
- Bundling hardware, software, infrastructure, and services so a user doesn’t have to be a computer genius to figure out all the piece parts or how they integrate to enable business functions.
- Expanding the service catalog to include shadow IT services, thereby legitimizing the demand and supply of such services.
CIO.com: What can CIOs do to better manage the risks of shadow IT without stifling its benefits?
Wright: Risks exist in any environment that involves change—and change is definitely a constant in IT. The perceived risk of shadow IT is increased when it is delivered in stealth mode as it is unquantified and uncontrolled risk. By legitimizing the shadow capabilities, the increased visibility allows for risks to be assessed and mitigated in the context of the specific business conditions.
In developing risk mitigation strategies it is important not to use a sledgehammer to crack a nut; a one-size-fits-all mandate will likely render shadow IT dead on arrival. Challenging the norms—mixed with a reasonable amount of creativity and out-of-the-box thinking—will help ensure shadow IT benefits.
CIO.com: Where does outsourcing fit into the world of shadow IT?
Wright: Shadow IT is not driven by outsourcing and—interestingly enough—can itself be an outsourced function. An outsourcing event is a great opportunity to rationalize and redefine IT services, aligning them to business outcomes and negating the need for multiple organizations [to provision IT services].
CIO.com: If you do all this to shed light on shadow IT, is it even shadow IT anymore? Is there a better term for it?
Wright: A better representation of shadow IT would be to recognize it as “business technology.”