For as long as users have had access to mobile devices and the Internet, there has been a tension between IT departments and the end-user communities they serve. On the one hand, IT needs to impose standards on the technology real estate for ease of administration, cost control and security. On the other, some end-users have strong feelings about which digital tools they believe to be the best for their purposes.
The finely tuned balance between IT control and end-user preference has come under ever-growing strain this year as a result of more people needing to work from home due to the pandemic. Many IT departments were poorly prepared for the challenges of remote work, opening gaps for end-users to find workarounds for apps and services they could not access from home.
Plus, in the mad scramble to enable remote working for end-users who were traditionally office-bound, IT teams could perhaps not pay as much attention to setting standards and policies as they would have liked to.
As an example, while our organisation was able to equip our teams with notebooks, monitors and desktops to enable them to Work From Home (WFH) at the start of the Lockdown, we soon discovered that we had insufficient APNs to allow staff to connect to the Internet. We had moved rapidly on so many aspects of WFH and had insufficient time to take that into account. We have recently made working remotely permanent and every employee now has an allowance for Internet connectivity, solving that problem.
Many users have now had a taste of using their own tools to meet their business needs—and some might feel that these solutions fit their requirements better than those prescribed by the IT department. With the Work From Home (WFH) genie now out of the bottle, many CIOs are reflecting on how they can take back control. Easier said than done when an end-user with a company card can simply sign up for a software-as-a-service subscription.
The risks of letting shadow IT spread
Nonetheless, the risks of unmanaged IT remain high. When every department uses its own financial software, productivity tools, or customer relationship management system, a company might not benefit from economies of scale. It may face higher integration, support and administration costs, as well as difficulty in scaling the tools people use to collaborate and share data.
What’s more, shadow IT might increase the risk of breaches or data leakages because it doesn’t meet the enterprise’s basic standards and because it’s not under the management of the IT department. People could be flouting security policies, putting the company at financial, reputational and legal risk.
Shadow IT can also lead to data siloes, with important information scattered across multiple in-house and cloud systems. This will hamper collaboration across groups and departments. Plus, the organisation might not know which data it has collected or be able to efficiently share and leverage it across the business.
Clearly, it’s not in the best interests of an organisation or the IT department to let shadow IT spread unhindered. So, what is to be done? There is no one-size-fits-all answer to this question because an organisation’s needs may vary depending on its culture and on how heavily its industry is regulated.
That said, an approach that focuses on education and cooperation rather than prescription is generally best. The most successful IT departments are those that collaborate with teams to understand their requirements and provide solutions. They will also focus on showing people why shadow IT is potentially risky or expensive to the business.
In some cases, they might take a more relaxed approach of defining some minimal security and architectural requirements for any technology people want to introduce, but banks, public sector organisations, healthcare companies and other regulated entities might impose stricter rules and policies.
This could mean providing a menu of approved products and solutions or creating a process to rapidly evaluate and approve any platforms and tools users and departments want to introduce into the business. There is usually a middle ground that works for both the users and the technology department.
Addressing shadow IT
Addressing shadow IT should start with an audit to find out how prevalent technology not supported by IT is in the business. IT departments will benefit from talking to users to understand why they have gone ‘rogue’ and how they can be encouraged to stick with the preferred technologies. Once shadow IT is regularised, the rules must be enforced consistently.
Many end-users report that shadow IT has helped them to improve productivity and drive innovation. They might be more engaged with their work and satisfied with their tools. IT departments should look for ways to channel these benefits without compromising on cost and security.
This is about frequent dialogue with the users in the business to build trust and cooperation. The technology department could use tools such as user satisfaction surveys, focus groups and design thinking to ensure it is keeping up with users’ real needs.
The author contributed this piece in his capacity as Chief Digital Officer, Tarsus Distribution