Embrace Shadow IT?

An article by: David Tan, Chief Technology Officer, CHIPS Technology Group

If you’ve never heard the term before, I suppose a little background and explanation would be a good place to start. Shadow IT is a term used to describe factions of end users that introduce technology into an organization without going through proper IT channels. It became a wide-scale phenomenon around the time Apple introduced iPhones and later iPads, when users (and executives) started to embrace the devices, acquire them on their own, and force IT departments to make them work with existing systems. Needless to say this was not met with widespread joy by the IT groups that had to make this stuff work.

Traditionally, the expression has had a bad connotation. Users don’t understand the inner workings of a network and technology infrastructure, don’t take security and compliance concerns into account, and don’t always know the hidden costs associated with getting these often consumer centric devices to work in corporate environments. For this and other reasons, talk about Shadow IT has always been about how to control it and/or stop it altogether. Even I have written about the dangers – particularly as it relates to security – of Shadow IT on your company. Well, today I’m here to sing a new tune, and take a look at the other side of the coin.

So why the change of heart? Well, there are a couple of reasons. First, the components that generally make up Shadow IT these days has changed dramatically. While it used to be things like platforms and devices (smartphones, tablets, phablets, etc.), those are essentially standard issue for any IT department these days. It is becoming less and less common for a user to buy a consumer device and need to get it supported, since this is the norm. Instead, Shadow IT has morphed into things like self-service cloud services that end users can find, provision and implement themselves with no IT interaction. While some of these still pose a very real threat to security and compliance (Dropbox for example, while secure, can be easily implemented and even more easily abused), they are for the most part robust, secure platforms that work to enterprise standards right out of the box.

This brings me to my second reason. IT is tasked with major corporate initiatives. Things that affect the whole organization and drive organizational efficiencies or bottom-line profits. A small-impact solution that only improves the efficiency of one department would almost invariably fall to the bottom of the priority list. That seemingly small project may however have a very real impact on the organization and could prove infinitely more valuable that the major projects on the horizon.

When I talk about Shadow IT now I’m talking about things like a marketing department logging into Hootsuite or Pardot and streamlining social media efforts. I’m talking about a small team spinning up Basecamp for better project management and collaboration with customers and partners. I’m talking about the HR department signing up for Zenefits or Bamboo HR to streamline the time and attendance process. The possibilities are limitless. Users are the ones that know what they need, and they are the ones that can properly evaluate these solutions. Shadow IT is starting to drive real innovation.

Now don’t think for a minute that IT can be out of the equation entirely. There is still a very critical need for them to understand the solutions and services that are being brought into an organization. All these systems need to interact with each other and connectivity, availability, security and compliance are still very real issues. I do think however this is a great opportunity to streamline the process. If the business users can find and vet the solutions they are interested in, it cuts the IT time and costs way down. Getting them involved lightly early in the process, and more heavily at the end will allow a much smoother implementation of all systems, big and small. This is truly a win for all involved, especially the business.