Shadow IT coming out into the light?

By Laura Haight

Originally published as The Digital Maven in the Upstate Business Journal, Sept. 11, 2014

The past 17 years or so have been quite a roller-coaster ride for IT. The profession has traveled full circle from “geeks we’re stuck with” prior to Y2K (ask your mom) to integral business partners at the right hand of the CEO back to “geeks we’re stuck with.”

Sure, IT departments existed long before Y2K, but they were the province of bigger businesses with data centers and programmers. But the early 2000s brought a new wave of professionals and most businesses came to realize that they really needed an IT staff of some kind. Riding the wave, IT expanded and upped its game. Professional standards were established, policies and procedures developed and IT took on a major role in not only supporting business functions but developing new business strategies that took advantage of emerging technologies. 

Don’t get me wrong, plenty of that is going on today and will grow significantly in importance.

But along with this growth in stature there’s a sense that IT has gotten too big for its britches, spurring a disruptive trend called “Shadow IT”. 

Shadow IT has been around since the dawn of the PC age. It’s really little more than skilled users who are not technically part of the IT staff working behind the scenes and without any approvals or formal role to “expedite” issues for fellow workers. This “work around” to the more cumbersome and often lengthy approval processes IT departments developed for new systems or change management was pretty common for years. As systems became more complex and IT locked down access and monitored role-based security much more carefully, this 1.0 version of Shadow IT faded away.

Well it's back and version 2.0, as the Gartner Group refers to it, may not be so easily dismissed. 

Keep in mind that the mobile computing environment that killed the desktop PC and has put laptops in intensive care is only seven years old. The first iPhone — the device that presaged the entire shift in computing and communications — was only released in June 2007. Since that time, IT department have struggled to keep up with personal devices, tablets, laplets, cloud computing and software services instead of shrink-wrapped applications.

The epic speed at which the computing landscape changed has put the user back into the drivers’ seat. New technology is less expensive, new online services are accessible and apps can be downloaded and experimented with in minutes and for low-barrier cost. IT departments — to avoid the “rock-in-the-middle-of-the-road” label — have had to learn to adapt to individuals using personal devices at work (BYOD). Those devices aren’t under IT’s control and users and their managers are less inclined to want to hear complaints from the IT staff about control issues. 

At the same time, security threats are at an all-time high, so professional technologists must figure out how to keep sensitive business assets secure while they are being accessed by devices the company doesn’t own or manage. Scary stuff. 

And now, users are taking back control in an even bigger way. A 2013 survey commissioned by McAfee, the internet security giant, interviewed 600 employees at large companies (those with over 1000 employees), found 80 percent admit to using non-approved SaaS (Software as a Service) applications in their jobs. Non-approved applications accounted for more than 35 percent of the SaaS apps companies were using. 

The survey also found that the term Shadow IT may be a bit of a misnomer since employees have become quite open about what they are doing. And, even though they are going rogue, these employees in many cases are operating with the knowledge and tacit approval of their department.

What’s wrong with this? In many ways, nothing. But it does show that IT may have hurt itself with over control and a perceived lack of responsiveness to business needs. If IT is going to regain it’s place at the table, according to the Gartner Group, it needs to recast itself as an innovation lab, welcoming the partnership of key staffers in the business who understand both the technology AND the business potential. 

Technology is not the goal — it is only a means to an end. If businesses find their line staffers “get that” more than their IT department, Shadow IT won’t be in the shadows for long.