Jul182017

Winning a war against shadow IT is impossible. More importantly, waging such a war proves a lack of understanding. James West says IT departments must quickly learn the dynamics of the situation before completely alienating themselves. 

A recent article on publictechnology.net says that the public sector must ‘win the battle against shadow IT’.  It argues that shadow IT presents a security risk and that public sector organisations must limit the use of cloud-services and third-party apps for business purposes. 

It’s true that shadow IT poses a security risk that must be addressed.  But the biggest problem highlighted in this article is that IT departments continue to patronise and underestimate their business colleagues.

The corporate tech security myth
Just because technology has been corporate approved, it isn’t automatically secure. Huge and very sophisticated systems are being compromised on a regular basis, so distilling the problem down to silly users bringing their phones to work is naive.  This reductive view is also dangerous because it means that many organisations are ignoring the massive security threat that their ‘safe’ systems pose. 

IT security is a company-wide problem involving many parties. Yes, IT must educate workers of the dangers. But it’s just as likely that someone will click an email containing malware on their work desktop as it is they will lose their personal phone. Similarly, hackers are more likely to attack a corporate IT system rather than a personal account because they will cause more damage doing the former. 

I’m picking on this article and its point about security because it’s representative of a dangerous and damaging viewpoint within IT.  But I could reference myriad articles and conversations with IT practitioners and suppliers that offer the same perception.

The problem I refer to is that shadow IT is seen as inherently bad and business colleagues are clueless about technology.  IT departments seem to think they must ‘battle’ shadow IT and restore corporate-approved technology to its rightful position as the only supplier of technology into the business.

‘Leave technology to us’
IT departments ‘battling’ shadow IT send a clear message to the business: you don’t know what you’re doing and we do. People didn’t start adopting third party technologies because they are inherent trouble-makers. Neither do they have any intention of threatening the integrity of the IT infrastructure. They turn to shadow IT because they want to do something with technology. Either the technology prescribed isn’t suited to a task or tools are now widely available which do a much better job.

There are many instances where business units and individuals have introduced low-cost tools which transform working practices.  Think of applications such as Skype, DropBox, Google Mail and Slack. Were they introduced to the business by the IT department? Or have they been begrudgingly accepted by IT because someone else introduced them and rapid adoption made it impossible to stop?  If it’s the latter, then it’s the business – not IT – that is leading the intelligent adoption of technology.  This is a hugely important point which highlights why an IT department displaying an elitist view of technology is anachronistic. 

Shadow IT simply demonstrates supply and demand in business.  The existence of shadow IT tells us that IT is not delivering the business what it needs.  If IT ignores or denies this self-evident truth, the situation gets worse.  The business gets more frustrated at the IT department’s lack of flexibility and rebels even harder. Once this situation occurs (and many businesses are already suffering this) then the business community does become bloody-minded and anti-IT.  It’s then very difficult for IT to change this perception and expect any cooperation or support from the business.

The solution requires a major attitude readjustment.  IT departments must be more open-minded and less elitist about technology. The IT department must stop ‘battling’ shadow IT and instead take a leading role in its adoption.   

Shadow IT is not an uprising
For IT departments to remain relevant, they must cease their attempts to squash shadow IT as if it’s an uprising.  Shadow IT offers an opportunity for IT departments to cement their value.  By studying shadow IT within the organisation, smart IT professionals can establish exactly what the business needs to do with technology.  And by then taking a leading role, IT can help deliver new technologies safely into the business within secure parameters.

IT security is a huge issue and it will only be tackled by IT and business colleagues working together. A divided, siloed IT department which constantly blocks innovation will never gain the backing of the business.  However, an IT department showing a willingness to be flexible and innovative is more likely to gain the trust of the business, which in turn is more like to obey security protocols.

It’s impossible to stop shadow IT. Technology is simply moving too fast and is too accessible to block. Therefore, the battle is futile. But more importantly, battling shadow IT shows the wrong attitude and ignorance of what drives it.  IT must stop battling and instead work with the business to deliver the technology it needs.

Read the follow-up article: Should using Shadow IT be a sackable offence?

Share This:

, , ,

4 Responses to Why the ‘battle’ against shadow IT is arrogant and futile

  1. SeaGaf July 20, 2017 at 12:43 #

    Interesting viewpoint. Embracing Shadow IT and figuring out how to minimise the risk without removing the benefits brings it out of the shadows and makes IT seem a whole lot more aligned to adding value rather being seen as a cost centre than hold things back. Once you gain the confidence of your users they will come to you before they adopt shadow IT rather than you ending up with a mess to sort out after the fact. Most people want to do the right thing you just have to empower them to do so by allowing them to get their own jobs done.

    • James West July 20, 2017 at 13:26 #

      SeaGaf. Great point well made. I don’t think anyone using shadow IT is deliberately anarchic. As you say, they just want to find ways to work more effectively. If IT accepts this and tries to understand/accommodate, I think that instances of unauthorised IT will fall drastically.

  2. Noel Bruton July 31, 2017 at 17:21 #

    Shadow IT definitely has its place, especially for specialised user environments; engineering departments in universities, research labs, CAD studios, etc. But it can go wrong when it’s used more horizontally. In my IT support management consultancy engagements, I’ve known clients who have centralised IT support, only to see local shadow IT re-emerge within a matter of months. There is often a need for support that knows not just the systems, but how they apply to a given group of users, what highly localised procedures and behaviours they reflect. It’s for the questions users ask about usage, not just machinery. Incidentally, I believe that the IT department that can do that is also safer from outsourcing, but that’s another matter.

    Certainly one thing that can persuade or dissuade Shadow IT is the quality of the service IT itself provides. And in IT support, for ‘quality’, first read ‘speed’. A two-day or more turnaround for single users will chase them into the arms of alternatives, which can give rise to everything from picking the answer they want to hear to outright tinkering. If you’ve got a servicedesk that responds really quickly, but then if escalating to the 2nd line causes everything to
    s l o w w w r i g h t d o w w w n
    then you’re inviting the wrong sort of Shadow IT to provide the service the users believe they need. All that does is increase costs and risk. Most Wintel support requests can and should be resolved in minutes rather than hours as a matter of course. Our backlog management and throughput control can make a huge difference to our service, and thus, I believe, to the risk of (or need for) Shadow IT and Outsourcing.

    • James West July 31, 2017 at 17:43 #

      Very well put Noel. I agree that Shadow IT is popular because it fills a need and a more responsive service desk could certainly fulfill this need.

Leave a Reply