Drag Shadow IT into the light

As we close in on the last quarter of this year, IT leaders and security consultants are asked once more to gaze into their silicon balls and predict what will be their biggest security challenges for the year ahead. On the list once more is Shadow IT, a regular contender on the top ten list.

Now for the uninitiated Shadow IT is the name we give when a pesky end-user has the audacity to use their own IT equipment, apps, online services or software to achieve their goals rather than the ones we in IT have provided for them.

Now many of my peers will tout that shadow IT is a bad thing, it erodes their budgets, can potentially duplicate data, empowers Voldemort (Ok I made that one up), and if that does not scare us enough, they will roll out the deal breaker, that it “undermines the long term stability of our security platform”.

Well I for one just don’t get it, we are essentially talking about staff members that are trying to get their job done.

I think we need to ask ourselves why does Shadow IT exist in our organisations? Like mine do your IT departments focus on projects that impact the organisation’s bottom line, i.e. boosting cases, sales, clients, and improving the client journey?

And often this is often done at the expense of internal facing projects that affect the user experience or streamlining the staff journey?

You cannot manage to deliver everything and when staff are stuck between a rock and a hard place, not getting the job done on time is not an option. They may get in trouble for using rogue IT, but they will definitely get fired for not hitting targets.

Therefore the products that our users choose will most likely perform better in the processes that matter to them, so clearly the solution you have in place is letting them down in some area.

Some time ago I realised that the dream of having one unified system across a multi-disciplined firm is just that, a dream. There is not a system out there that manages all aspects for all types of work well. Instead IT leaders within multi-discipline practices need to look towards an armada of useful utilities that meet the needs of each work type, and help staff to work efficiently and productively.

So if we admit that we have gaps in our offerings should we not be looking at how we can utilise Shadow IT rather than stamp it out? If we are going to make the most of it we need to address our perceived shortcomings to convert this problem into an invaluable tool for innovation.

The perceived threats are that it undermines security, but more accurately it generates frustration because the majority of it is carried out surreptitiously behind the IT teams back. The solution to both of these problems is the same, drag Shadow IT out into the light, when you illuminate Shadow IT does it not just becomes regular IT?

Once you know what you have, you can grade your security risks against the opportunity costs lost by stifling citizen developers. You can manage how they integrate with the core data and where it ultimately stores it, granted this will add an overhead to the existing IT workload, but this is offset by increasing your development team tenfold with developers that have a deeper understanding of how the end users do their work.

The increase in innovation is not the only benefit. I have spent years trying to get resistant staff to engage with company provided IT systems, but trusting in the user’s choice and working with them on future development will generate buy-in, which in turn will be passed on to other IT approved solutions as well.

Working with them on these products will also give you insight into how they want to work, and how it can be done well, and this should shape your future development.

I promise you that citizen developers will become common place in all types of businesses in coming years, and will drive the biggest changes to innovation. Users will make things work, the way they want to work, in or out of the office, at the times they find themselves the most productive. If you become the department of NO, staff will work out how to work around you, rather than come to you with new creative ideas.

Granted embracing Shadow IT, bringing it into the light, and managing its integration with mainstream IT is a lot of work, but all departments are working hard in todays busy companies. And it will be difficult, but we are the IT department, we do mission impossible every day, difficult should be a walk in the park!