In the age of the cloud, it’s become easy to find software to solve any problem. Further, it’s generally really easy to setup and begin using cloud applications without any help. Making this type of decision without discussing it with your company’s IT department can be a grave mistake, though. In the industry, this is called ‘Shadow IT’.
Shadow IT has been around far longer than cloud technology. The term can apply to any technology or system infrastructure decisions made without consulting the IT department. This article from 2004 outlines the massive expenditures around Shadow IT at that time. The meaning of the word remains the same, but the method has changed.
In the past, purchasing hardware and software by non-technical executives would be a challenge. The convenience, price, and accessibility of cloud solutions has fueled a new age of Shadow IT. It’s become easier than ever, while maintaining its prior level of insecurity.
Why Shadow IT Exists
Usually when the decision to purchase software arises, it’s to solve a problem. The solution may tout itself as the best option for the best price. It can increase productivity and communication. Whatever it does, it fits a need.
The reason employees don’t consult their IT department before implementing a new solution can vary. The IT department’s review may add extra time to the process, or there may be fear that the solution won’t be approved.
Why It’s Risky
First, there are security risks. If the IT department isn’t aware of a new piece of software, they will also be unable to assess the security risks it may pose. If important and confidential company information is being stored in a cloud solution, and that solution is compromised (See: Google Drive and Dropbox breach).
Second, the costs to maintain or integrate systems that haven’t been properly vetted can be higher than the upfront cost. When picking out new solutions, the IT team can determine whether software is compatible with current systems. Before choosing software based on cost, secondary cost should be considered.
Lastly, for organizations with strict compliance requirements, Shadow IT can pose a large risk. New software that is selected without talking with IT may not meet government or agency regulations. That can add up to large fines, and plenty of work undoing the damage later. This happens frequency with consumer grade cloud services. They may at first glance seem to meet the functional and budgetary requirements, but don’t meet data compliance requirements.
How to Handle Shadow IT
Some aspects of integrating your entire team with your IT department can be beneficial. Consider having an open door policy and enabling team members to make recommendations based on their needs. With the input of the company as a whole, the IT team is able to evolve to meet the demands of the staff.
If your organization deals with a lot of Shadow IT, long term cultural changes may be in order. IT should work closely with HR to make policies and enforce them. Buy-in from top level executives and the HR department is essential in getting the rest of the team to understand that Shadow IT is a serious matter.
If you’re considering adding new software, and you aren’t sure if it will integrate with your current systems, please contact us. Sierra Experts is happy to provide no-nonsense technical advice. If you have picked out a solution that really fits your needs, but can’t integrate with legacy systems, we can even help you create custom middleware.
—
Sierra Experts is an IT Managed Service and Support provider, specializing in remote monitoring and remote management of computing systems, cloud/virtual systems hosting, VoIP/SIP PBX trunks and solutions, physical server hosting, software development and hardware and software reselling. For more, check out sierr001-2.sierradevops.com
