10-26-16 | Blog Post
Note: This is the first in a series of posts talking about Shadow IT, why it exists, and how to mitigate it within an organization.
Shadow IT has been talked about amongst CIOs, but according to Oracle, we still aren’t paying enough attention. Why is that?
There are many factors, but the big one CIOs might not be willing to face is the problem of goal orientation between the IT department and the rest of the business: They just don’t match. IT is going to focus on security and compliance, but for the rest of the business, it’s all about efficiency and profit.
When it comes to Shadow IT, there are two points of view: The IT department and the line(s) of business. Each has its own priorities within the organization, and to effectively manage Shadow IT, both parties must work together to understand each other’s needs. There’s no better way to start than by understanding where the other side is coming from. Let’s break down the two points of view.
From a business perspective, the focus is revenue, of course. If a certain app they’re using (Dropbox, for example) allows them to increase uptake of the product and realize revenue sooner, they’re going to use it without question, and without consulting the IT department, because they simply don’t CARE whether it meets IT’s standards. They’re being held accountable for profit and loss, not security. But security breaches can lead directly to profit loss, and while IT (or the C-suite) might shoulder the blame, it ultimately affects everyone in the organization.
Therefore, there’s a lot more to picking a secure application than meets the eye. This is where IT can help. A line of business (LOB) might not know how to qualify an application as “security-minded,” but IT does. “We see that day in and day out in IT, and we know how to look out for that,” said Matthew Taylor, managing director for Accenture Technology Strategy and a former CIO. “But people that aren’t in IT don’t necessarily know to watch out for those types of things.”
From an IT perspective, the focus is on governance, compliance and expense control. That means IT doesn’t care how long it takes to audit an application or if it syncs well with other apps, because they’re not being judged on those things. However, that attitude is coming back to haunt them because the market is looking elsewhere to satisfy its needs. According to recent research by Accenture, 60 percent of the more than 1,800 survey respondents said IT does not have a significant influence on their choice of an “as a Service” provider, with 77 percent feeling that the IT organization lacks the skill sets for an as a Service world. In addition, 39 percent said that IT adds limited value during the as a Service selection process. Why is that? Because IT has always worked in a control-based model, focusing on the bureaucracy it takes to move a project through and not on the customer. Service providers instead focus on the customer.
According to Taylor, it’s time for a change. “IT departments need to create a carrot approach instead,” he said. “Let your clients know that you know you’re not a monopoly; you know they can go elsewhere. Give them capabilities that draw them to you.” Essentially, IT departments need to become as-a-service providers, competing directly with other service providers.
In many cases, internal IT already does not have the time or resources to manage cloud, disaster recovery and/or backup infrastructure for each line of business. Outsourcing the infrastructure to a service provider can free IT from monitoring, managing and maintaining that infrastructure and allow them to focus on other projects.
If Shadow IT continues unabated, there are numerous consequences, including time and risk management, as well as budget woes. “Without one IT point-person to unify their cloud investment strategy, companies will continue to struggle with individual departments tugging time and resource in opposing directions,” said Johan Doruiter, senior vice president of Systems, Oracle EMEA.
According to Oracle’s research, the best way to fight Shadow IT is for customers to change their IT funding model. It’s also a matter of adaptation and adoption. IT must adapt to the changes in technology and adjust their speed of change to the business’s speed of need. Once IT has adapted, the business must adopt IT’s practices. Finding a secure hosting provider is one step IT can take to alleviate the burden of managing and controlling an infrastructure. When you have a provider who offers secure, compliant services by the sip, internal IT can act as a broker between its customers and the service provider, leading to more efficiency and less Shadow IT within the organization.