The risks and costs of shadow IT have been always been a concern for IT organizations. Yet the business clearly values the capability to procure certain IT services to rapidly meet its changing business needs — so much so that these informal IT capabilities are springing up even more often than IT leaders realize. One 2015 report by Cisco indicated that the number of unauthorized cloud applications being used in the enterprise, for example, was 15 to 10 times higher than CIOs estimated.
[ Related: CIOs vastly underestimate extent of shadow IT ]
Rather than trying to shut down growing shadow IT operations, however, IT leaders can take a different tack that embraces the benefits of business driven IT purchasing — such as better technology-business alignment, responsiveness, speed, and agility — and address some of the negative aspects of the practice — including unintended solutions overlap, inconsistent IT strategy, lack of integration ad standardization, cyber risk, and fragmented IT vendor management.
“Ignoring or trying to close down a delivery model that is liked so much by business consumers is not a great idea, particularly if the core IT function is viewed as a cost item rather than a value enabler,” says Craig Wright, managing director for business transformation and outsourcing consultancy Pace Harmon. “If the shortcomings with shadow IT can be overcome then there is a great deal to learn from it.”
[ Related: 6 Tips to Help CIOs Manage Shadow IT ]
IT can harness the power of shadow IT services and solutions and mitigate associated risks by wrapping formal standards around its delivery. “When shadow IT is recognized for its capabilities and the services understood and documented then organizations can establish effective governance across core IT and shadow IT functions,” Wright says. “This is somewhat similar to establishing end-to-end process optimization inclusive of a shared services function like human resources or accounts payable. If the guiderails are established, the touch-points identified, the dynamics of the process aligned, and the repeatability of quality outcomes ensured then measuring and managing shadow IT is a fairly easy step to make.”
One way to do that is to take the same types of service-level agreement (SLA) IT uses to manage the performance of IT service providers and apply them to shadow IT. The IT organizations can take several steps to build an SLA framework for technology services delivered outside the IT organization and measure and report on their performance:
1. Apply formal vendor and IT governance frameworks to shadow IT.
“If it can’t be measured then it is incredibly hard to govern it,” says Wright. First, IT must take the time to quantify, qualify and determine measures for shadow IT capabilities, ensuring that the true and fully loaded costs are understood and communicated consistently to business stakeholders
2. Include shadow IT in event, incident, problem and request management.
Next, the IT organization should add shadow IT issues to queues in the IT service management system, establishing minimum standards of performance and measuring compliance with respect to incidents and requests. “[This] will help create the conditions in which shadow IT can also play a significant business advocate role in problem management,” Wright says.
3. Establish SLAs and operating-level agreements (OLAs) for shadow IT.
By creating specific SLAs for shadow IT and including these non-IT delivered capabilities in operating level standards, IT can align overall goals and targets with shared objectives, such as 100 percent compliance with change and release management procedures. “For external functions (to the extent possible) align SLAs within underpinning contracts to defined outcomes compatible with SLAs,” advises Wright. “And where SLAs are non-negotiable establish responsibilities and supporting organization objectives or OLAs for shadow and core IT to provide an effective bridge from the non-negotiable SLA to the required outcome.”
4. Align IT performance reporting, including shadow IT performance in all dashboards and scorecards.
This will go a long way toward increasing transparency into the delivery of all IT services—with shadow IT sitting alongside IT-procured services and systems and highlight where each actually provides the most business value. “Increasing visibility via management dashboards and reviews where all parts of IT — core and shadow — are given an appropriate amount of air time helps increase the recognition of value being delivered by IT into the business as whole.”