<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=1078844192138377&amp;ev=PageView&amp;noscript=1">

Blog

Shadow Technologies Drop Security Risks and Drive Business Value — if You Let Them

Shadow technologies can send a chill down the spine of any IT professional tasked with keeping an organization secure.

The security risks of shadow technology are well documented and very real. What they fail to account for, though, are the many benefits shadow tech can deliver to your business.

When business units control technology spending, they’re able to select tools that better fit their needs. They’re also able to move much quicker than the traditional IT purchasing process, keeping up with the pace of enterprise software innovation. The best and newest tools will give your teams a competitive edge — all while your peers are stuck filling out procurement paperwork.

Decentralizing IT can reduce time to market by two years, per Gartner.


The way you make Shadow IT a net positive for your organization is to declare it one, then find a partner who can put the infrastructure in place to make it so. Here’s what you need to know about
shadow information technology to reduce your risks and drive business value:

Shadow technologies will only grow — and your competitors will take advantage

If you’ve ever tried to take away casual Friday, you know that you can’t restrict employee freedoms without a healthy backlash. Shadow use is no different.

Your employees are already finding and using their own cloud solutions without consulting IT. If you crack down, the most ambitious people will leave for a company that allows them to control and experiment with their tech.

What’s worse, by restricting shadow applications, you’re also staving off company-wide innovation. It just doesn’t make sense.

As technology becomes ever-more critical to success, individual employees will continue to push aggressively for ownership over their tools. Smart IT departments will give it to them.  

On average, CIOs thought they had 51 cloud services running. The real number was 730.

IT departments underestimate shadow usage by a factor of 15 to 22, according to Cisco.

Gartner’s Shadow IT report posits that companies have five years to figure out how to decentralize at least a quarter of their IT purchasing if they want to have a chance at transformative digital innovation. Those that fail to innovate — that take two years longer than their shadow IT-supporting competitors to get to market — well, there’s not likely to be much market share left for them after five years anyway.

Our own research and experience at ServerCentral indicates that by 2025, business units will control 90 percent of IT spending, while IT departments work to orchestrate and secure the needed solutions. Flipping IT procurement on its head will give business units the authority to drive innovation, pushing the whole company forward.


Coming to terms with business unit IT is mandatory for digital business success. A business unit IT strategy should be a priority.

Kurt Potter
VP Distinguished Analyst at Gartner


Building a shadow IT policy that spurs innovation and reduces risk

The first step to realizing the benefits of shadow technologies is to define shadow IT policies that work for your company. Every industry is governed by different data protocols and levels of risk.

Before you can deliver value, you must make sure your shadow information systems are doing no harm.

We often have the opportunity to help organizations work through this process.

We start by explaining that we can build new foundations and create strategies to balance innovation and security without sacrificing either.

It doesn’t have to happen over night — in fact, it won’t. But we can kick things off by coming in as a third party and just asking questions about where things are and what people need to get their jobs done. Once we know that, we can start identifying the tools to deliver shadow support that protects your company without hamstringing your employees.


If IT simply becomes the department of ‘No’, employees will find a way around it. Instead, IT needs to become the department of ‘Yes, as long as company security requirements are met.’

Martin Johnson
Senior Director of Cloud Product Marketing at Blue Coat in Bloomberg


 

A shadow IT definition for the future

All of that leaves us with the question of what today’s IT organizations will become. In this, our predictions follow Gartner’s:

In the past, IT was the operator of the technology. In the future, it will be the orchestrator of the technology.

If you look at the software market today, the hot products are orchestration tools that help balance workloads and distribute the appropriate technology so people can get done what they need to get done. IT will still have some say in the selection of tools your employees use — after all, someone needs to make sure the company doesn’t go for the Betamax while the industry goes for the VCR.

But by and large, IT operations five years from now will be listening to employees, supporting the tools they want, and finding ways to share the value of those tools across departments.

Through the work of smart IT departments, the term “shadow application” will become obsolete. Instead, IT teams will provide the support necessary to bring shadow information and resources into the light. Instead of hiding their tools — and risking spiraling costs and security breaches — business units will turn to IT to make them even better.

How to build a process that eliminates the shadow resource

To get to this future of IT, employers will have to make some dramatic changes. They’ll need to find cloud partners who can build the hybrid infrastructures and distributed databases that will support any tools the business units choose while keeping data secure.

Internally, they’ll need to transition from hiring engineers who operate VMware and manage on-premise servers to hiring engineers who know how to glue systems together with APIs and deliver accurate reporting on how services are being used.

Pretty soon, the idea of hiring an IT employee who does anything other than program will be anathema.

That also means that IT teams will need to be evaluated against wholly different KPIs and goals. When the job adjusts to support innovation, the reward structure must as well.


IT can transform itself from ‘We build everything’ to ‘Here’s how to build it,’ and thus be viewed as a competency center focused not on technology, but on process creation and refinement.

Jill Dyche
Vice President of Thought Leadership at SAS in HBR


The IT organization of the future should be a laboratory.

To enable digital transformation, IT must stop being seen as a blockade to getting things done and start being seen as a partner in experimentation and problem solving.

Instead of avoiding IT because we expect a “no,” we should approach IT expecting a “sure, let’s try it.”

The best way to fight shadows is open and honest communication, after all. If we can learn to treat IT like a team of mad scientists there to help, we'll all be positioned for more success.


Read more about how shadow IT works:

Topics: Security Tips