Converting Shadow IT into Change Adoption
Fast-paced technological advances have inadvertently opened the door to increased risks from shadow IT. Cloud-based solutions have given non-IT professionals the opportunity to create and implement applications that expedite workflow. Without being able to control or secure these on-the-fly solutions, chief information officers (CIOs) may see the movement as a security threat. However, efforts to squash the rise of shadow IT may miss the point. These unsanctioned applications may mean useful feedback and advances businesses can leverage for further innovation.
Recognize the Prevalence of Shadow IT
The 2015 Brocade Global CIO Survey, which conducted a survey of 200 CIOs globally, questioned how many had noticed shadow IT in their companies. of these executives stated that they found these applications running in their company’s cloud. More than a third of the CIOs said that their organizations explicitly prohibit shadow IT.
It’s not as if executives are completely unaware that employees are using shadow IT, but its pervasiveness was a surprise to CIOs. A recent Cisco study found that an average firm has 15 to 22 times more active applications running than IT departments authorized. It’s a little like thinking there was an air leak in your windowsill and then realizing the whole window is broken. With unsanctioned shadow IT, the potential for a security breach is as large as that broken window. The danger, though, is boarding up a window that could let in the sun.
The cloud has created an environment ripe for innovations, high-connectivity, and great mobility. With an increasing number of companies opting for bring-your-own-device (BYOD) environments, employees are encouraged to use their own laptops, tablets, and smartphones. The flexibility of cloud computing, combined with this personal/business device merger, has recently thrown open the door to unsanctioned applications. Fear of these applications has caused some CIOs to attempt to get rid of shadow IT, but I suggest embracing it—when you do, you can control it, keep it safe, and perhaps leverage it to your business’s advantage.
Understand the Risks
Shadow IT is not growing because of an employee effort to undermine companies; quite the opposite as individuals use these applications to increase workflow. And I am not surprised to see it growing so swiftly. As early as January of this year I explained the importance of embracing it. It’s not something you can stop. However, you must proceed with caution to the growing likelihood of proprietary data leaking out through one of the many shadow IT-driven portals.
There is a broader issue to consider as well. While organizations are pouring money and time into legacy systems and slow-moving innovations, people on the ground are racing ahead with shadow IT. The pressure to continually produce cutting-edge innovations is more than many IT departments can withstand—they generally can’t move at the same rate shadow IT can appear.
Last year, I explained that it is incumbent on companies, employees, and IT departments to be more agile than ever to survive this tidal wave of innovation—and that hasn’t changed. With many IT departments spread thin and digital innovations slow, employees take this agility to heart. It is difficult to both reward and punish out-of-the-box thinking and their own drive to improve systems and processes.
Weigh the Benefits
When work environments were hardware- and software-based, it was much easier to regulate applications. Since that’s no longer the case, many companies have been working toward stifling shadow IT to regain control. Meanwhile, a few select organizations are recognizing what to me seems obvious—that attempting to obliterate shadow IT is not the answer.
IBM recently developed the Cloud Security Enforcer, which lets companies track the applications employees are using in the workplace. Rather than disabling them, it provides a safe pathway for employees to reach these apps, mitigating security risks and providing constant feedback to organizations.
The truth is, shadow IT developments act as the first sign of operational issues. If tools the employees receive do not fully accomplish necessary tasks, they bring in or create new ones. If companies tap into these, they benefit from a crowd-sourced IT from a pool of individuals who understand gaps in the system. In some cases, deploying authorized versions of shadow IT made to complement existing systems can offset accrued costs of development that have poor adoption rates.
Create a Compromise
I firmly believe it’s in a company’s best interest to monitor shadow IT, but trying to squash it completely feels counterintuitive. Encourage the disclosure of shadow applications and work with employees and BYOD policies. Lowering risks and making applications secure is a win-win for IT, employees, and CIOs.