Monday, June 06, 2016

Harnessing the Power of Shadow IT

There seems to have been quite a bit of press lately about “Shadow IT” and it gives the impression that it's a new thing. Perhaps having a formally recognised name is new but shadow IT has been around throughout my (so far 28 year) career in IT and I suspect that it's much older than that.

What is Shadow IT?

Shadow IT is what happens when someone, not associated with the IT department, starts offering IT services to other parts of the business.

Shadow IT can take the form of someone bringing in software from home, downloading software or even writing their own.

Sometimes hardware is involved too with work PCs being opened, repaired, upgraded or otherwise "enhanced".

In particular, since the emergence of cheap network hardware and the explosive growth of USB, its become very common to find users trying to plug their own hardware into work systems and networks.

Sometimes new systems are developed. In one place I worked, a marketing employee rolled out a Large Lotus Approach database to interstate arms of the company before anyone noticed. Once the software was in use around the company, it couldn't be recalled. It filled a gap. Unfortunately, it also became a nightmare to support.

In recent times, shadow IT seems to be responsible for the proliferation of business data onto smartphones and tablets.

Why is Shadow IT bad news?

In the short term, Shadow IT seems helpful. They can reduce support calls and grant "technology wishes" within the organisation, particularly when IT or corporate management is slow to respond. Certainly Shadow IT is "IT for the people" and it makes employees generally happier.

Unfortunately, since Shadow IT usually lacks formal training in IT, they usually know "just enough to get themselves into trouble". The solutions they implement are often ill-considered. They often don't fit in with the corporate objectives, create incompatibilities and cause licensing headaches. They can hide deficiencies in the IT budget or corporate planning. Worst of all, they can open the business to security issues.

Can Shadow IT be positive?

The individuals who form shadow IT are often more aware of the technology problems that employees face on a day to day basis than the IT department. This is partially because the IT department is usually a "service department" and their primary objectives are to provide services and security to the business rather than to actually “further the business” of the company.

Shadow IT on the other hand, tend to come from within the business itself. They’re usually from core areas of the business and they’re aware of the difficulties in processes and the needs of people around them. Shadow IT can also help to highlight training issues within the organisation.

What does Shadow IT mean for the Business?

Every medium sized (or greater) business will have at least one or two elements of shadow IT but if you find that more than just a single individual is very active, then it means that the business has unresolved issues.

It means that either the business hardware or software isn't meeting the needs of the users, that the security is either too tight or too lapse or that there is a need for training. Quite often it means that more than one of these things is out of balance.

What can be done about Shadow IT?

While it’s not uncommon for CIOs to want to get rid of the individuals causing IT problems, the best thing to do is to actually bring shadow IT in as an informal part of the IT team.  One of the best ways to do this is to set up a regular meeting between IT and the various shadow IT people (ideally the most tech-savvy person from each department).

Give the group a name like, "technology experts" or "support team" and get the meetings formally recognised by management. Little rewards, like training, being the first to get a new PC or software can really help these people feel appreciated.

In your meetings, talk about impending systems changes, outages, frequent helpdesk calls and systems issues. Ask your group about technology problems, wants and needs and what each of their departments have been up to.

Be careful not to give outright "no" answers without due consideration -- even when you know the answer is going to be no. Remember that you're trying to help them see that IT is "here to help".

Take notes and ensure that documentation from those meetings reaches management.

Harnessing the power of Shadow IT can significantly extend the reach of your already stretched IT resources.

1 comment:

Anonymous said...

Business units sometimes engage developers and sysadmins answerable to them. This can be because central IT won't respond fast enough or because they would charge back more for the support or service than the business unit finds reasonable. Business units are "voting with their feet" simply because their needs aren't being met by central IT.