Let’s say you’re an employee at a medium size organization, and you’re doing some internet surfing when you come across a new application that allows you to share and store your documents more easily than your current one—and you can connect it to any email account. You’ve been looking for just such a solution! You immediately download it and tell your colleagues about it, and they think it’s the best thing since sliced bread. You start using it, and everyone goes on their merry, more productive way. Sounds great, right?
Now picture yourself as the CIO or IT director of that same organization, and just discovered a department went off and started using some new software you had no idea even existed. Is the application a secure method for document sharing? No idea. Is the information being shared being done so in a way that is compliant with regulations such as HIPAA or PCI? How knows, because you weren’t told about this application, and it’s a good bet the department who downloaded it didn’t ask beforehand. How are the licenses being handled for the application? If there is any unlawful licensing, you could be held liable and sent to jail or fined. Picture that across several departments, and you have a nightmare on your hands trying to regain control over your company’s IT infrastructure. How did this happen?
This is shadow IT, and it’s caused headaches for IT organizations of all shapes and sizes. Back in the old days of IT, technology was harder to acquire and maintain for anyone outside IT. Now, applications for making our lives easier and more efficient are all over the place, and cheap to get. This has led to a loss of control by internal IT departments.
One suggestion for companies to fight against shadow IT is for internal It to offer solutions as easily as the free market does. With corporate IT releasing control over the technology itself (which it doesn’t truly have any more anyway) and focusing on control of consumption of services, it acts as a broker of services, leading to faster turnaround of requests and fewer departments trying to figure IT out on their own. This business model change is known as IT as a Service.
Shadow IT is a problem that still exists, but there are ways to manage it. In a future post, we’ll discuss how you can manage shadow IT in your organization. In the meantime, if CIOs make sure their departments can easily procure cloud and infrastructure resources to meet the needs of their clients, it will go a long way toward improving company security and compliance, better communication between departments and IT, and improved transparency. Better business agility means more efficiency and a less strained relationship between IT and other lines of business.