Managing Shadow IT without Destroying Innovation

In the past, we’ve suggested ways to minimise shadow IT via active projects and provider management. However, IT consumerisation has expanded to the point where many organisations no longer know how many applications they have running. According to an article on Dark Reading’s cyber-security site, CIOs report that hidden applications in use across their organisations can often increase this number by hundreds. Indeed, there are various reasons why Shadow IT has prospered.

Firstly, IT request records are lengthy by nature. Considering your strong business ethics, you can’t keep users waiting.

Furthermore, most users do not want to deal with this, because IT departments are felt to have too much control and IT professionals are sometimes perceived as condescending, especially when they use unfamiliar jargon in their correspondence with less technically savvy people.

Shadow IT’s disadvantages are well documented. For one, serious security problems can arise from unsupported and untested technology used by the company in question, as users bypass standard IT security procedures. Secondly, if an employee stores confidential data in a personal Dropbox or Google Drive account, the threat of a violation of data protection policies is omnipresent.

This does not mean much to users who have no direct responsibility for security or applications that sign up to work with other business applications and systems.

Moreover, once contracts with suppliers have been signed on the dotted line, users do not have much interest in managing relationships with them.

As a result, the growth and maintenance of IT in the shadows is a dilemma for users, IT and the CEO. Ultimately, it’s also true that the only lens through which these challenges and concerns are viewed is that of the business itself.

Most corporate CEOs would probably say this:

“The company must be agile, innovative and receptive to constantly changing business conditions to overcome its competitors.

Users are in the best position to understand business needs, so if they can develop applications, this is beneficial. At the same time, companies cannot afford to ignore governance, security, data custody and technology expenditure. A central business unit needs to address this, while the core competency for such a task is clearly IT based.”

How Do CIOs And IT Managers Learn To Work Through This New Shadow IT Line?

1. Adopt the End User’s Innovation: Do Not Discourage It

Experts believe that end users feel more comfortable in developing applications without IT knowledge and assistance. This can instill fear amongst CIOs, who are ultimately responsible for governance and security. However, with the help of easy-to-use application development tools, users can quickly introduce new applications to the market.

2. Publish Application Guidelines for End-User Application Developers

One way in which CIOs can inspire end-user growth is through the publication of a series of strategies, aimed at addressing features such as security and governance. The guide could include an IT helpline to answer various questions. This performs three functions:

  • Establishes a cooperative relationship between developers of end-user business applications and IT
  • Educates end users on important governance and security standards
  • Offers IT (and the company) a more in-depth view of the number of applications that are created, so that they can access a central IT resource portfolio and monitor them.

3. Manage the Portfolio of Business Applications

IT is best suited for managing a company’s general application portfolio. This must include each application, whether developed in IT or by an end user. Each year, an internal IT auditor or librarian must check the network log to review resident applications and compare them with the IT asset management system to make sure they match. In case of discrepancies, you must visit the IT or end-user business area that created the application to capture any additional information necessary for the application, as well as to emphasise future compliance with a policy that requires new applications to be reported to IT (so that they enter the Resource Management System at the time they’re developed).
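The yearly comparison described above can be scripted. The following is an added example, not part of the original article: it reconciles destinations seen in a proxy log against an asset inventory and reports both applications missing from the inventory and inventory entries with no observed traffic. The log layout, CSV columns, hostnames and user names are constructed assumptions.

```python
import csv
import io
from collections import defaultdict

# Constructed sample log: "timestamp client_ip user method host:port status".
PROXY_LOG = """\
2024-03-01T09:12:04Z 10.0.4.17 alice CONNECT crm.vendor.example:443 200
2024-03-01T09:13:40Z 10.0.4.22 bob CONNECT files.storage.example:443 200
2024-03-01T09:15:02Z 10.0.4.22 bob CONNECT Files.Storage.Example:443 200
2024-03-01T09:20:11Z 10.0.5.9 carol CONNECT forms.builder.example:443 200
2024-03-01T09:21:37Z 10.0.4.17 alice CONNECT files.storage.example:443 200
malformed line without enough fields
"""

# Constructed sample export from the asset management system.
INVENTORY_CSV = """\
app_name,hostname,owner
CRM,crm.vendor.example,sales
Payroll,payroll.vendor.example,finance
"""

def observed_apps(log_text):
    """Map each destination host in the log to the set of users reaching it."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 6:
            continue  # skip malformed records rather than guessing
        user, target = fields[2], fields[4]
        # Normalise case and drop the port so one app is not counted twice.
        host = target.rsplit(":", 1)[0].lower().rstrip(".")
        seen[host].add(user)
    return seen

def load_inventory(csv_text):
    """Index inventory rows by normalised hostname."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return {r["hostname"].strip().lower(): r for r in rows}

def reconcile(log_text, csv_text):
    """Return (hosts used but not registered, registered apps never seen)."""
    seen = observed_apps(log_text)
    inventory = load_inventory(csv_text)
    unregistered = {h: sorted(u) for h, u in seen.items() if h not in inventory}
    unobserved = sorted(r["app_name"] for h, r in inventory.items() if h not in seen)
    return unregistered, unobserved

if __name__ == "__main__":
    unregistered, unobserved = reconcile(PROXY_LOG, INVENTORY_CSV)
    for host, users in sorted(unregistered.items()):
        print(f"not in inventory: {host} (users: {', '.join(users)})")
    for app in unobserved:
        print(f"in inventory, no traffic seen: {app}")
```

The user list attached to each unregistered host tells the auditor which business area to visit; the second list points at inventory entries that may be retired or reached by a route the log does not cover.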

4. Be Strict About Governance and Security When You Have To Be

James of stated that “with regular occurrences of data breaches, no company protective of their product and image will be able to take shortcuts in relation to the security and governance of applications and data. Therefore, every organization needs to be strict as regards safety of customers’ data.”

Shadow IT is a clear risk and IT departments have every right to take a hard line in case of a protocol violation. However, there is also room for temperance. For instance, many end-user applications and reports are created in the context of third-party software that features comprehensive standards of governance and security. An example is a commercial CRM package that offers users simple ways to create panels. These are applications that IT does not need to monitor.

5. Accept the Responsibilities of Supplier Management

It’s known that end users register with suppliers and then forget the agreements they’ve signed. Focusing on business, they are more than happy to cede these vendor relationships to IT, which may worry about SLA compliance. Many CIOs do not appreciate this, but it’s something that they must overcome, as no department handles relationships with technology providers more effectively than IT.

James Cummings is a leading digital marketing expert, brand analyst and business psychologist. He’s an experienced senior manager who has worked closely with global brands to deliver staffing solutions. He has interfaced at board level with FTSE 100 companies and successfully managed multiple web projects across different niches to their full cycle. Working with a team of top level digital media professionals from around the globe, James’ Wordpress portfolio currently spans over 40 properties.