It’s Time To Embrace, Not Fear, Shadow IT

At this very moment, the IT department at a typical enterprise is staring at a mind-numbing list of IT project requests from employees and business units — ranging from building a custom mobile app for warehouse operations to integrating with back-end office systems.

To manage this endless to-do list, the IT department logically arranges requests by how significantly they impact their bottom line, or by whichever metric matters most to the business at that specific moment. The “winners” tend to be technology projects that boost sales or improve the customer experience. Less fortunate are more internally facing requests, such as a solution to streamline logistics. The outcome of this process is that priority requests are completed, while the majority of others languish unfulfilled or are perpetually delayed.

None of this is the fault of IT departments or the various constituencies they serve. Innovation is occurring at such a rapid pace that employees and business units are no longer content to wait weeks or months for an idea to come to fruition. It is the convergence of overwhelmed IT staff and the availability of off-the-shelf applications and cloud services that is giving rise to Shadow IT — broadly defined as applications and solutions built within an organization of which the IT department is either unaware or has not officially sanctioned.

Will Shadow IT Drive Innovation?

A 2015 global survey of 200 CIOs by Brocade found that 83 percent experienced some level of unauthorized provisioning of cloud services. Indeed, until recently, executives and IT departments viewed Shadow IT as an alarming development that introduces security and control issues. But what if Shadow IT could be converted from a perceived liability to an invaluable tool for rapid innovation and cost management? What if businesses could turn their employees into citizen developers empowered to see an innovative idea all the way through to a final product or process?

Opportunities to innovate for non-IT specialists within the enterprise are being stifled by traditional application and product development processes. The rise of Shadow IT, in part, reflects the desire by employees to move forward with projects being held up by strained IT department resources and bandwidth.

By doing so, employees become “citizen developers,” best defined as any non-IT specialist within the organization who is empowered to quickly and easily build and deploy solutions that address a specific business need/pain point without IT department support. This innovation can then spread throughout the organization as other units become aware of a solution and its positive results.

Will Shadow IT Reduce Burden On My IT Team?

The IT task requests that often get relegated to the back of the list are those focused on worker productivity enhancement, simplifying communications or process improvement. These are not sexy customer or consumer-facing projects, but they can significantly impact the bottom line.

Businesses must grade the security risk of Shadow IT against the opportunity cost of stifling citizen developers from innovating.

The white-hot business messaging app Slack is a good example of how Shadow IT can be introduced in the enterprise in a way that can spur innovation and free up IT resources. Many companies deployed Slack through a “land and expand” deployment, whereby one unit started using it passionately, and from there it moved across the organization like wildfire.

To reduce the burden of technology projects, the IT department must exceed the expectations of their internal customers by empowering them to solve problems. As a result, IT can focus on higher-level innovation projects that require deeper IT integration or more technically capable resources.

Can I Keep Shadow IT Secure?

Eighty-nine percent of U.K. enterprise CIOs feel the unsanctioned use of Shadow IT services presents a long-term security risk for the business, according to a 2015 Vanson Bourne survey. Organizations are right to stay vigilant with security vulnerabilities that can be introduced when employees are deploying applications and services outside of their purview. If there is anything worse than inertia, it is rogue employees with minimal IT experience attempting to build, integrate or deploy technology that could disrupt systems and networks.

Businesses must grade the security risk of Shadow IT against the opportunity cost of stifling citizen developers from innovating. Security questions to answer include determining if the solution needs to integrate data with your main systems. Does it house and archive key critical company information? How secure is this environment? Shadow IT is not secure by default, but can be if the organization installs proper parameters.

What Role Should IT Department Play With Shadow IT

Negativity around Shadow IT is partly due to the notion that activity is surreptitiously taking place under the IT department’s nose. In a handful of cases this may be true, but it is more likely departments know activity is taking place and lack visibility into how much, by whom and what the results are. A survey of IT executives released by the Cloud Security Alliance earlier this year finds that nearly 72 percent of executives don’t know how many Shadow IT applications are being used within their organization. In fact, only 8 percent of executives say they truly know the scope of Shadow IT at their organizations.

For organizations to truly benefit from Shadow IT, there is a tangible and leading role for the IT department to play — whether it is approving underlying platforms or even discovering new projects themselves, then turning them over to citizen developers within the organization to address their specific needs and innovate.

The rise of the citizen developer will be a common theme over the next few years, and enterprises that embrace the potential of Shadow IT will be best positioned to innovate and thrive.