Shadow IT is a term often used to describe information-technology systems and solutions built and used by employees without approval, or even knowledge, from the firm and/or the IT department. Corporate teams use whatever equipment is accessible to them to get the job done – this includes consumer and social apps within the enterprise to exchange critical and often business sensitive information.
As new technologies and applications emerge, at what seems like a daily occurrence, it can be almost impossible for IT departments and the company as a whole to keep a handle on what software is being downloaded and used. Unfortunately, when firms lose control of the apps, gadgets and devices used to create, send and store corporate information, businesses are automatically exposed to serious security risks of data breaches, information loss and corporate security and compliance requirements. The use of Shadow IT is hence a serious corporate governance issue.
Below, we’ve outlined five of the main problems Shadow IT can create and some advice on how to tackle it effectively.
- Security Risks
Shadow IT usually becomes a problem when teams inside a corporation get impatient with IT department’s perceived inability to cater to their needs. As a result, they ‘go rogue’ and implement their own systems. The obvious problem here is security – if the IT department doesn’t know about a system then they can’t vet or test it to see if it meets the necessary security, and for some industries mandatory compliance guidelines. Ultimately, IT is responsible for the technology inside an organisation – even if it is ignorant to its existence. The first step to minimising the impact of Shadow IT on security is working out what these rogue systems are, where they’re being used and offer corporate alternatives. >> Useful reading: Why WhatsApp & Co make for risky business
- Loss of Control
Mobile apps that are downloadable at the click of a button – for free – are attractive solutions to employees who need a quick IT fix. As the Internet of Things becomes more integrated into everyday life, so does shared storage and file sharing services like Dropbox and trial-to-buy options which led employees into thinking they’re entering a commitment free process.
If IT wants to get real control over Shadow IT then it must become more agile towards the adoption of new technology and making it (or alternatives) available for business use. >>Usefull reading: How the Digital Revolution creates Cross Industry Systemic Risk (CISR)
- Creating Knowledge Siloes
When teams adopt their own technology solutions they risk separating themselves from the rest of the organisation, trapping all their team’s knowledge inside their own Shadow IT solution. As businesses grow and different departments emerge, it is helpful for everyone to be able to access all information available at all times. Using IT application on a team by team basis instead of companywide can create a siloed approach to file and information sharing and counteract the original purposes of digital applications: to create a connected workplace.
- Eroding Trust
Employees self-adopting their own tools and bringing them into the workplace is usually a sign of frustration with internally available tools. This erosion of trust can be a problem, not only in terms of the risks outlined above but also for the IT teams who want to be the trusted advisors to the business and whose roles have changed into becoming business enablers. Letting Shadow IT ‘run wild’ will only erode the trust placed into IT teams, which is essentially needed to run operations smoothly.
- Financial implications
Shadow IT usually means that tools and apps are downloaded on a team by team basis and often put through expenses or corporate credit card. The costs can add up quickly and create two major problems:
- Loss of economies of scale – This allows companies to get substantial discounts when rolling tools out company wide and is clearly lost if an applications are adopted in a scattergun approach.
- Visibility and Budgeting issues - This is a problem as costs for Shaddow IT fall outside the actual IT budget and are absorbed by departmental budgets with little to no visibility of the overall impact. It may well be that the costs for self-adopted tools work out a lot dearer than actually providing the very same tool via IT in the first place.
IT departments hold a lot of power when it comes to battling Shadow IT and if they can take the time to educate employees about the risks of using unauthorised applications and offer them corporate alternatives, it can go a long way towards preventing the adoption of them in the first place
If IT departments are seen as an agile, trusted advisor for technology choices and flexible enough to give business users what is needed, when it is needed, there will be no reason for employees to look elsewhere.