What are some concerns about shadow IT?
Independently and unanimously, the view of our clients is that Shadow IT is everywhere. There is a perception that it helps users decrease time to value while empowering them with increased agility and speed to match the evolution of business needs. The host department has direct control over its Shadow IT resources, so the business gets what it wants when it needs it, and not if or when central IT decide. However, that can cause challenges for your internal IT department:
A question of culture
Regardless of whether we talk about transformation or running the business, culture was a key discussion point. What is the cultural direction of the organisation – centralised control, localised freedom, or somewhere in the middle? Shadow IT has a perception of a free-for-all where tech is concerned, and IT leaders want a middle ground but feel that control is the only viable option.
Maintaining security and compliance
Shadow IT keeps most central IT departments awake at night with security worries, but there are other issues to consider. Shadow IT adds hidden costs to organisations, consisting largely of non-IT workers discussing, purchasing, implementing, and managing technology without appropriate governance in place. The risk of errors is increased, especially in the poor control of spreadsheets. Business processes become inconsistent as departments adopt their own methods and local ways of working which can lead to training, compliance, or audit issues. As an example, in September 2022, a dozen US banks agreed to pay over $1.8 billion in penalties for failing to monitor and stop their workers from using unauthorised messaging apps.
Innovation and sharing of ideas can also be reduced as departments look after themselves and don’t work together with IT to solve common challenges. There are also risks around data security, as data held in a spreadsheet is invariably less securely controlled than data in an ERP or CRM system. Disaster recovery and business continuity will also be impacted if IT don’t know what systems are in use.
Deviating from business strategy
Central IT cannot be a strategic business partner if it does not understand the full technology estate across the organisation. If Shadow IT is allowed to proliferate then the business will struggle to adapt to new outlooks (for example, making a game-changing acquisition or undertaking a major transformation programme). Without tackling Shadow IT, there is a risk of a never-ending downward spiral of cat (IT) and mouse (Shadow IT), where IT's new normal becomes firefighting unforeseen delivery or maintenance challenges and production incidents.
How Can You Use Shadow IT to Your Advantage?
There are numerous different models and approaches for improved service and governance in IT, but a successful reduction in the amount of Shadow IT requires a collaborative approach between the business and IT.
One approach is for IT to work with, rather than against, Shadow IT. One of our clients held an amnesty where central IT said, “we're not going to complain, we're not going to stop you, we just need to know what you're doing". Once the extent of Shadow IT was known, some key systems could be brought into the central IT remit based on compliance and risk, whereas others could remain in user departments. Introducing an innovation hub or incubator in which prototyping and experimentation is encouraged could work to drive solutions for user issues in a transparent and open way.
Find your allies
IT departments tackling Shadow IT need allies. One of the best is Finance, as they see the costs. A simple change, such as adding IT tick boxes to the financial authorisation process, can improve visibility of systems expenditure. An internal audit could also help detect Shadow IT, as it should uncover localised divergence from corporate policies and standards.
Ask your people what they need
Most important of all is that if users aren’t getting what they need, than central IT must get out and about and engage departments better. The use of business partners skilled at identifying needs and the issuing of clear communications about the risks of Shadow IT can help bring users closer to central IT.
We can help you leverage Shadow IT strategically
BJSS provides technology strategy consulting and delivery expertise to some of the largest and most complex organisations in the world.
If you want to learn more and discuss how our Technology Advisory team can help you with this topic, we will welcome the opportunity to discuss this with you.
Whether it be creating good practices, assessing sustainability in the cloud, developing technology strategy, delivering enterprise architecture, or creating a cloud strategy, our Technology Advisory team is here to help you.
Visit bjss.com/strategy-and-transformation for more information.