[ Related: 4 ways to apply SLAs to shadow IT ]
Shadow IT is not necessarily a threat to the IT organization. In fact, it can be an effective way to meet changing business needs and create a greater understanding between IT and the business. But IT leaders must do a better job of identifying, assessing and managing these once stealth systems to both manage their risk and reap their benefits. CIO.com talked to Wright about how IT organizations should rethink their relationship with this realm of IT systems.
CIO.com: The term is largely a pejorative in IT groups—or used to be. What are the legitimate reasons for concern about shadow IT
Craig Wright, managing director of outsourcing and technology consultancy Pace Harmon: Shadow IT has traditionally had negative connotations for IT groups as it is often perceived as a serious threat to the continued existence of IT as a function.
Many IT organizations have evolved over time, morphing to accommodate major transformation projects such as ERP implementations AND refreshes, re-platforming from legacy technologies to current day solutions, and extending or contracting based on mergers, acquisitions, and divestitures. As a result, the size, shape and composition of the traditional IT organization is often as confusing and complex as the myriad of technologies that are woven together into a tapestry of IT solutions that are constantly challenged to keep up with business needs.
Contrast that dynamic with shadow IT, which is often set up by the business for the business, very well aligned with the affordability and competitive demands of the business, is easily understood as it aligns perfectly with the business functions OR products, embraces the latest and greatest technologies via SaaS, PaaS, IaaS, and other consumption-based models, and is agile by design—not as a costly retrofit.
While shadow IT often appears to win over the traditional IT group, this is not the case where organizations have legitimate concerns in major technology areas, such as:
CIO.com: So what’s the upside—not just for the business, but also for the IT organization itself
Wright:Shadow IT demystifies IT. It is a trusted model, relatively inexpensive, and established along operating principles that are clear and obvious for consumers. Enterprise users of IT often have difficulties understanding the terminology and definitions of services used by IT and are even more puzzled by the costs and time to achieve desired outcomes. IT functions that recognize the value of bringing shadow IT under the IT umbrella are viewed by the business as being less intimidating and much more business intimate.
CIO.com: How can IT leaders best identify and recognize shadow IT
Wright: By its very nature shadow IT has low visibility and takes time and effort to separate out from the business functions it is woven into. IT leaders may only become aware of it when an incident occurs or an audit or security investigation identifies a new data or security vulnerability. Working with business stakeholders is the real key to identifying the existence and value of shadow IT, as well as how best to harness it.
How can IT leaders best harness the benefits that shadow IT has injected into the business
In addition to the establishment of SLAs, IT can harness benefits from shadow IT by:
CIO.com: What can CIOs do to better manage the risks of shadow IT without stifling its benefits
Wright: Risks exist in any environment that involves change—and change is definitely a constant in IT. The perceived risk of shadow IT is increased when it is delivered in stealth mode as it is unquantified and uncontrolled risk. By legitimizing the shadow capabilities, the increased visibility allows for risks to be assessed and mitigated in the context of the specific business conditions.
In developing risk mitigation strategies it is important not to use a sledgehammer to crack a nut; a one-size-fits-all mandate will likely render shadow IT dead on arrival. Challenging the norms—mixed with a reasonable amount of creativity and out-of-the-box thinking—will help ensure shadow IT benefits.
CIO.com: Where does outsourcing fit into the world of shadow IT
Wright: Shadow IT is not driven by outsourcing and—interestingly enough—can itself be an outsourced function. An outsourcing event is a great opportunity to rationalize and redefine IT services, aligning them to business outcomes and negating the need for multiple organizations [to provision IT services].
CIO.com: If you do all this to shed light on shadow IT, is it even shadow IT anymore Is there a better term for it
Wright: A better representation of shadow IT would be to recognize it as “business technology.”