What is Shadow IT? How You Can Mitigate Security Risk - iCorps
For many, the mention of Shadow IT may evoke images of intrigue, undercover activities, and silhouettes lurking in the darkness. The term, in fact, refers to the potentially dangerous (security-wise) and illicit procurement or use of technology for the business that is without the approval – and often without the knowledge – of the IT department
Shadow IT is not a new trend. Even in the days of brick and mortar and corporate-issued desktops, tech-savvy users found ways around IT policies to load unapproved software and remain undetected.
But with the increasing availability and accessibility of technology, Shadow IT is accelerating rapidly and is, according to Freshdesk marketing analyst Sathyanarain Muralidharan, a “clear paradigm shift in enterprise buying patterns.” It is fueled by factors that include a more technology-oriented workforce, a variety of easily acquired as-a-Service solutions, and the unrelenting pace of today’s business.
In his ITSM Review article, Too Much Shadow IT? Sunlight is the Best Disinfectant, Muralidharan cites Gartner’s prediction that “by 2015, 35 percent of enterprise IT expenditures for most organizations will be managed outside the IT department’s budget.” Other analysts, including Forrester, also are monitoring the trend.
Many IT professionals fear the Shadow IT trend for the obvious loss of management control, the support responsibilities, and the security risks it poses. But it may provide exactly the opportunity the IT company needs to reengage with the business units in a more forward-thinking and open role that takes the alignment of technology and business to unprecedented levels. In either case, it’s a trend that cannot be ignored.
Why Shadow IT?
“Any manager armed with a credit card and access to the Internet can buy software thanks to vendors adopting the SaaS model,” Muralidharan notes in his ITSM Review article.
The scope of Shadow IT is not limited to software when it comes to business spend. Laptops, tablets, and other hardware can be obtained as easily and put to use within the business environment without any involvement from IT resources. “Gartner’s classification,” adds director of PwC’s Advisory Services Nauman Noor, “includes SEO tools, social media platforms, e-commerce and a variety of other” technologies.
The near-instant accessibility of these collective technologies empowers the business and its users to respond to immediate needs – particularly in today’s fast-paced and demanding business environment. This is a driving force behind the trend and is in sharp contrast to the stereotypically slow IT process of budget approvals, resources, and red tape.
It’s “a good lesson,” says Ric Harris, senior service delivery manager for Microsoft. “If IT doesn’t respond to the business, the business will flow around it. It’s inevitable, particularly in a Cloud-first world where businesses aren’t necessarily dependent on traditional long-timescale IT projects for results.”
But the “acquisition of software from dubious sources – download sites, cloud services with poor security, and ill-researched information leading to bad tech choices” create some obvious risks for the organization as a whole, says Muralidharan, and creates a catch-22 for IT. “The more IT raises concerns about the security, availability, and supportability of these technologies,” Forrester VP and principal analyst James Staten warns, “the more it is seen as the department of ‘no.’”
As far back as 2010, Staten had noted, “In the future, we expect business to take more advantage of these tech capabilities because business pressures will mandate it. Bottom line: the IT to business relationship that works today will not work 5-10 years from now.”
That future is now. So how can IT professionals transform the inevitable Shadow IT into a positive?
Shadow IT as an Opportunity
In their book, Empowered, Forrester VPs and principal analysts Josh Bernoff and Ted Schadler offer the business perspective of using technology to solve business problems. “Your customers now wield unprecedented power through social, mobile, and other technologies. Your employees are already using these technologies to transform the way you do business.” And, they warn, “You can lead them or block them. It’s your choice.”
It’s a similar message of embracing innovation for technology leaders that Muralidharan mirrors in his article. “Understanding the business needs and continuously reframing policies and processes is a given for a cutting edge IT solutions department,” he says. “It is imperative for IT to reach out actively to business units and educate them about why they exist – not to slow them down, but to help them achieve their business goals.”
The challenges for IT companies in this evolving world of Shadow IT are to be a guide, mentor, advisor, and educator, says Alan Berkson, director of community outreach at Freshdesk, and to help the business understand the risks (data security, privacy, etc.).
At the same time, these challenges present opportunities to reset the IT-business relationship and vision, and create an environment where business-based IT purchases will be brought out of the shadows – ultimately enabling the potential for more secure operations, more informed technology decisions, and unity in driving the business forward.