Software as a Service (SaaS) apps have risen rapidly over the last several years and the "Shadow IT" phenomenon has turned out to be a bigger issue than many companies have realised.
Among some IT professionals there is a view that the growth of Shadow IT should be seen as a business and data security risk, therefore negatively effects business and should be rejected. But in reality Shadow IT is a rapidly growing practice adopted by business leaders who believe that Shadow IT is a sign of innovation, helping them improve their business. Shadow IT is also seen as a progressive force which enables IT to evolve and deliver real value through more powerful, efficient and less expensive options for business.
Shadow IT challenges and opportunities
Shadow IT grew out of pure necessity because most IT organisations are not structured to quickly respond to changing business demands and offer new IT solutions that keep up with the constantly accelerating pace of change in today's businesses.
The commonly accepted assumption among business leaders is that Shadow IT can create a lot of value to organisations if properly understood, managed and governed, with risks appropriately mitigated. If left without governance it could potentially destroy value and create harm to the organisation.
From an IT perspective, the use of unapproved apps is a violation of company policy and other regulatory compliance requirements. However, trying to lock and stop people using personal apps and devices at work to eliminate the business risks and threats to reach desirable compliance level, is a very difficult task. Most organisations are still focusing on protecting data centres from interruptions and unauthorised intrusions using proxies and firewalls. Unfortunately this approach has largely proven to be inefficient and incomplete in protecting corporate data. Mobility and cloud have created massive data and corporate IP seepage where a large amount of data is moving outside the corporate firewall without any visibility.
In this new world ‘the cloud’ seems to be the answer to everything and even with more sophisticated technology it wouldn’t be possible to totally eliminate and protect us from Shadow IT. A more effective way would be to ‘shine a light’ on Shadow IT to make it work for us.
To ensure secure, faster and risk-free cloud services consumption in the corporate environment, aside from introducing high-tech cloud security technologies, the key is in changing the traditional view of the role of IT.
I believe that the first step toward changing the way IT is perceived, is to make a strategic shift from the current mentality and adopt a new more superior framework across IT and business practice. The most critical task in that process is to establish a collaborative relationship between IT and business users and guide users to trusted cloud services which keep them safe and secure.
Our unique opportunity in ‘The Age of Shadow IT’ is to support the transformation process as trusted advisors rather than a companion in inquisition rejecting the value of the Shadow IT.
Can Shadow IT be totally rejected?
Let’s think for a moment about total Shadow IT rejection. Totally blocking Shadow IT requires building an organisation infrastructure and services portfolio at a similar or lower cost and quality. This could be a potential solution and direction. Some organisations will be able to leverage their own in-house IT and provide solutions that are a better fit than an external vendor. An important question is however, how many organisations can afford it? And, do they know how to build their own services to effectively compete with Shadow IT?
What are the prerequisites for Shadow IT adoption?
With the introduction of BYOD, cloud, SaaS, IaaS, legacy systems and other available IT solutions, it is more than obvious that we need to refine our current frameworks, policies and standards in order to be able to build a bridge between business demand, users, the current role of the IT department, and external cloud service offerings.
In that way Shadow IT can be easily adopted and managed without fear, enabling IT to be transformed into ‘Smart IT’.
This is a unique opportunity for IT to engage the business and accelerate innovation towards ‘Smart IT’ to keep companies running, enhance operations, and evolve from primary support to an innovative strategy partner.
Where should you start?
The approach will vary from organisation to organisation depending on the level of ‘exposure’ to Shadow IT, internal capabilities and dependence on cloud technologies. In order to determine the potential of Shadow IT, the business should understand the ways that employees cooperate and collaborate at work.
Here are some suggestions:
- Identify what services are being used
- Quantify Shadow IT in your organisation
- Understand why employees are using these to get their jobs done effectively
- Confirm what application types can be classified as "Shadow IT" and what application types need to go via a formal IT process
- Analyse the risks and opportunities of Shadow IT to the business
- Review current information security policy and standards, Enterprise Architecture and best practice frameworks in use within the organisation
- Create a policy and adoption usage approach which allows the business to easily implement "Smart IT"
- Educate users about how to keep company data safe
In the end, we shouldn’t be afraid of Shadow IT. We can be in control and easily manage visibility, compliance requirements, security of our data and be totally aligned with all other regulatory requirements and enterprise practices, without altering the user experience and enjoy all benefits offered by ‘Smart IT’. We should in fact be embracing and even encouraging Shadow IT, because it will empower employees to do their job in the most efficient way which will drive business efficiency and business excellence.