Should We Embrace Shadow IT or Shut It Down?

    By James Armstrong, Enterprise Architect

    James Armstrong

    We regularly hear from technology leaders raising their concerns about technology being procured and implemented outside of the IT department, notably referred to as shadow IT.

    Leaders are primarily concerned about uncontrolled costs, security exposure, and alignment to standards. Not to mention the lack of support and operational management of these systems, some of which are in production. More worries focus on technology duplication, governance, and culture impact due to changes in quality, reputation, and threat, especially when the Shadow IT is a better solution.

    In this blog, I’ve collated expertise and insights from across BJSS on Shadow IT and distilled into some guidance on how to use it more strategically.

    What is Shadow IT?

    Our straightforward definition of Shadow IT is hardware, software, and technology services outside the control of the central IT department. For the purposes of this blog, let’s assume your organisation has a defined IT department.

    IT leaders have shared with us why they believe Shadow IT emerges. A common view is that it occurs when users believe that the IT department is not providing the service or tools needed by the business at the pace the business needs. There is often the perception amongst the business that IT is expensive, restrictive, and slow.

    The challenge for IT departments is that, other than for enterprise-wide systems, controlled IT initiatives and systems will almost never be the easiest option, if only because the governance IT requires is - for good reasons - inevitably slower and more cumbersome than building something, for example, in Excel, or by using a free cloud account, or by getting a corporate card out and buying an online service.

    What are some concerns about shadow IT?

    Independently and unanimously, the view of our clients is that Shadow IT is everywhere. There is a perception that it helps users decrease time to value while empowering them with increased agility and speed to match the evolution of business needs. The host department has direct control over its Shadow IT resources, so the business gets what it wants when it needs it, and not if or when central IT decide. However, that can cause challenges for your internal IT department:

    A question of culture

    Regardless of whether we talk about transformation or running the business, culture was a key discussion point. What is the cultural direction of the organisation – centralised control, localised freedom, or somewhere in the middle? Shadow IT has a perception of a free-for-all where tech is concerned, and IT leaders want a middle ground but feel that control is the only viable option.

    Maintaining security and compliance

    Shadow IT keeps most central IT departments awake at night with security worries, but there are other issues to consider. Shadow IT adds hidden costs to organisations, consisting largely of non-IT workers discussing, purchasing, implementing, and managing technology without appropriate governance in place. The risk of errors is increased, especially in the poor control of spreadsheets. Business processes become inconsistent as departments adopt their own methods and local ways of working which can lead to training, compliance, or audit issues. As an example, in September 2022, a dozen US banks agreed to pay over $1.8 billion in penalties for failing to monitor and stop their workers from using unauthorised messaging apps.

    Innovation and sharing of ideas can also be reduced as departments look after themselves and don’t work together with IT to solve common challenges. There are also risks around data security, as data held in a spreadsheet is invariably less securely controlled than data in an ERP or CRM system. Disaster recovery and business continuity will also be impacted if IT don’t know what systems are in use.

    Deviating from business strategy

    Central IT cannot be a strategic business partner if it does not understand the full technology estate across the organisation. If Shadow IT is allowed to proliferate then the business will struggle to adapt to new outlooks (for example, making a game-changing acquisition or undertaking a major transformation programme). Without tackling Shadow IT, there is a risk of a never-ending downward spiral of cat (IT) and mouse (Shadow IT), where IT's new normal becomes firefighting unforeseen delivery or maintenance challenges and production incidents.

    How Can You Use Shadow IT to Your Advantage?

    There are numerous different models and approaches for improved service and governance in IT, but a successful reduction in the amount of Shadow IT requires a collaborative approach between the business and IT.

    Work together

    One approach is for IT to work with, rather than against, Shadow IT. One of our clients held an amnesty where central IT said, “we're not going to complain, we're not going to stop you, we just need to know what you're doing". Once the extent of Shadow IT was known, some key systems could be brought into the central IT remit based on compliance and risk, whereas others could remain in user departments. Introducing an innovation hub or incubator in which prototyping and experimentation is encouraged could work to drive solutions for user issues in a transparent and open way.

    Find your allies

    IT departments tackling Shadow IT need allies. One of the best is Finance, as they see the costs. A simple change, such as adding IT tick boxes to the financial authorisation process, can improve visibility of systems expenditure. An internal audit could also help detect Shadow IT, as it should uncover localised divergence from corporate policies and standards.

    Ask your people what they need

    Most important of all is that if users aren’t getting what they need, than central IT must get out and about and engage departments better. The use of business partners skilled at identifying needs and the issuing of clear communications about the risks of Shadow IT can help bring users closer to central IT.

    We can help you leverage Shadow IT strategically

    BJSS provides technology strategy consulting and delivery expertise to some of the largest and most complex organisations in the world.

    If you want to learn more and discuss how our Technology Advisory team can help you with this topic, we will welcome the opportunity to discuss this with you.

    Whether it be creating good practices, assessing sustainability in the cloud, developing technology strategy, delivering enterprise architecture, or creating a cloud strategy, our Technology Advisory team is here to help you.

    Visit bjss.com/strategy-and-transformation for more information.

    EXPANDING
    POSSIBILITIES

    princess-awards-2021-logo-white
       © 2023 BJSS Limited. Registered in England with company number 2777575 VAT Number GB613295452. ‘Enterprise Agile®’ and ‘BJSS Enterprise Agile®’ are registered trademarks of BJSS Limited.