The dark side of Shadow IT

Employees creating and using their own IT solutions without permission, a practice known as Shadow IT, is on the rise, and unless managed properly it represents a covert risk to companies.

Shadow IT is IT activity that occurs outside of IT. Shadow IT is growing in many organisations, driven by consumerised technology, mobility, the availability of cloud solutions and, quite frankly, relatively slow cycle times within captive IT organisations.

‘How do you control or eliminate shadow IT?’ is a frequent question raised by CIOs and IT professionals.

The question and the desired answer say a lot about IT, much of it not good.

Before we discuss that, let me acknowledge that shadow IT based applications and activities represent an off-the-balance-sheet/budget risk for CIOs and IT. It’s a risk because while the business is great at initiating technology projects on its own, its interest in and attention to finishing what it started is about the same as that of a three-year-old who has tired of a new toy. This often leaves IT holding the bag when the business says ‘here, operate and integrate this; after all, isn’t this your job?’

So how do you look to eliminate shadow IT?

Here are two ideas.

First, don’t.

Restructuring Shadow IT

Restructure rather than restrict shadow IT. Restricting it through governance, policy or other prohibitions only drives shadow IT underground, making it harder to find and much more of a surprise when it ‘pops’ up. So rather than saying no, let me suggest that CIOs need to restructure the organisation and figure out how to say yes.

Go back and look at the real nature of Shadow IT demand and solutions. In many cases the shadow applications are requests for greater information consumption rather than information creation or production systems.

Support information consumption and manipulation applications by creating standard APIs and information services that extract but do not put back information. Now that is nothing new, but facilitating the business getting unfettered access to its information gives your peers what they want and gives you the ability to differentiate between giving people access to information and enabling processes to transact with core systems.

Core transaction processes should remain within the IT governance structure not because IT says so, but because core transaction systems carry a different level of business, technical, risk and control requirements that demand formal processes.

Restructuring shadow IT enables you to say ‘yes’ to things that your business peers need but that do not challenge the integrity or operational performance of the enterprise, so you can say ‘NO’ to situations that require greater control.

Raise IT Throughput

Another approach to lightening the depth of shadow IT involves improving IT’s throughput, productivity and cycle time. Shadow IT exists, in part, because the business believes that IT does not have the capacity, availability or skills to meet its needs. It gets that impression from IT processes and productivity levels, all of which signal that IT is too busy handling its formal and planned demand and therefore is closed for any additional business. Too many CIOs signal to their peers ‘sorry sir, but the park is closed’, so it is natural for business peers to look elsewhere or do IT themselves.

With every additional project you are able to complete, you take power away from Shadow IT and, more importantly, you deliver tangible value to the business. Lighten the depths of shadow IT by increasing your own productivity, raising your throughput and reducing your cycle time.

Does your IT organisation have formal plans, targets and goals for raising IT productivity, particularly throughput, with goals for completing more projects and reducing time to market? Chances are that while you have a plan to allocate all IT resources to projects, you lack a plan for driving IT productivity to make the pie bigger. This leaves the business with no choice but to roll its own technology.

Clearing the shadows in shadow IT

Your response to shadow IT tells others about your confidence, management approach, and views on IT. If you see shadow IT as renegade competition to in-house IT, then you believe that you and your IT team are the only game in town. Captive IT has never had a monopoly on the application of technology in its business. Continuing to believe so only lends credence to the idea that while IT is good at some things, there are many other things that we have to do for ourselves. You see, what the CIO sees as shadow IT, their business colleagues see as a reasonable response to delivering their plans.

Recognise that in a world of greater consumerisation, information consumption demands will outstrip your ability to support them.  If you have already given business colleagues greater control and ability to generate their own reports, then you can also give them greater abilities to extract information into mobile and other applications. After all, information in motion creates value.

Realise as well that business demand for IT will always be imperfect, inaccurate and fickle.  It will change and should change in the face of competition, changing performance requirements and customer realities.  These realities demand greater productivity from IT in terms of its ability to produce solutions, updates, upgrades, etc. not just faster, but also more of them.  Shadow IT fills the gap created by unstable demand and stable or declining IT productive capacity.  Greater control will not close that gap.  Greater capacity, productivity and throughput from within IT is the only sustainable solution.

Mark McDonald, Ph.D., is a group vice president and head of research in Gartner Executive Programs.