How to Avoid Shadow IT: An IT Leader’s Guide

Is your company suffering from Shadow IT?

Many IT leaders claim their companies are devoid of Shadow IT or that it has a very minimal presence. The CIOs and CTOs I often speak with believe they have open collaboration with other teams and an eye on all systems and tools used within their organizations. Unfortunately, research shows otherwise.

Shadow IT is much more common than most people realize and can pose a serious threat to the stable workings of the IT department as well as a company’s security.

What is Shadow IT?

Shadow IT refers to the tools and solutions workgroups build and use without IT’s approval. The issue often arises out of a need for a specific solution unrecognized or unfulfilled by the IT department, driving the workgroup to covertly implement their own solution out of desperation.

Unfortunately, these secret solutions, while borne out of good intentions to make workgroups more productive and efficient in the short run, often don’t fill the bill since they are implemented without oversight and guidance, and can hurt the organization in the long run.

Shadow IT Threats

To truly understand the negative impact of this issue, you first must understand how many risks it presents.

Security Risks

Data security is the greatest and most consequential risk factor with Shadow IT. As teams take control of their data and manipulate it through systems unsupported by IT, they open up this data to a world of risk. Workgroups often to fail to consider how proprietary and sensitive company data moves through the application. Teams aren’t trained to look for weak spots in the application, where individuals outside the organization could gain access to the data. These under-the-radar solutions often exist outside of the company network as well, putting sensitive information at serious risk of hacking, corruption without backup, or critical loss.

Decrease in Productivity

Most workgroups jump into implementing a Shadow IT solution to increase productivity and save time. Unfortunately, they often don’t accomplish this goal. Instead, they end up spending a significant amount of time setting up technology they’re unfamiliar with and manipulating their processes and data to work within it. When they need to make a tweak to these inputs, they may end up spending hours of effort, whereas a member of the IT team could resolve the change in mere minutes. Furthermore, having implemented the solution on their own without guidance from IT, they have no assurance that the solution will even deliver the capabilities or productivity they hoped for.

Lack of Quality Assurance

A successful IT team mercilessly tests new programs and applications before releasing them to the rest of their company. During this process, they know what to look for and how to identify breakdowns in capabilities and functionalities. Workgroups unfamiliar with this process often move forward without even thinking about the possibility of bugs, let alone testing for issues themselves.

Domino Effect

What happens when Nancy in accounting tells Tim in HR about the new application she launched to help her with her weekly reporting? If she piques his interest, he could look into finding his own solution to his data challenges or adapt and re-use hers, propagating a problematic situation. Now not only is client invoice data at risk, but sensitive employee data could follow suit.

Decrease in Collaboration with IT

While every workgroup endeavors to innovate, those closest to breakthroughs in technology, i.e. the IT department, have the best grasp on what is truly possible for their organizations. Once workgroups feel disconnected from IT, however, the sharing of ideas and needs often comes to a screeching halt. Without open lines of communication, IT has even less insight into what each workgroup needs, and the effect can snowball.

Duplication of Effort

In some cases, IT is aware of a specific workgroup’s challenges and is actively trying to find an application to address them. Unfortunately, due to a breakdown in communication, the workgroup isn’t aware of these efforts and implements their own solution. This duplicates effort and wastes a great deal of time.

Think You’ve Avoided Shadow IT? Think Again.

In spite of these risk factors, many CTOs and CIOS vastly underestimate the impact of Shadow IT within their organization. They are not aware of the ecosystem of unknown IT solutions right under their noses and/or fail to worry about their risk and potential negative impact.

In fact, according to a study from CEB (now Gartner), IT leaders believe they control 80% of their budget but really only control 60%. That other 40% of the budget is going to Shadow IT. ServerCentral estimates that by 2027, 90% of IT budget will be spent by other departments.

IT Leaders think they control 80% of their budget, but they really only control 60% of it.

How IT Leaders Can Avoid Shadow IT

1. Talk with Those Outside of IT More Often

Formally and regularly check in with workgroups to ensure their needs are being met. Are they craving a specific functionality to make their jobs easier? Help them find a solution you can get on board with. Encourage them to reach out to you next time they have a challenge they think technology could fix.

2. Make IT More Accessible

IT can be intimidating. Encourage your teams to reach out and engage with other workgroups often. Provide information about what you do and why; explain it in terms and contexts they can understand. Assure them that one of your most important goals is to help them achieve their goals faster and more efficiently. Embolden them to approach your IT team with any and all technology questions.

3. Speed Up Response Times

What currently happens when a workgroup makes a request for a solution or expresses difficulty with an existing IT-approved technology? Typically, IT makes a ticket and decides to address it “later,” not prioritizing the workgroup’s need. After a long wait, the workgroup resolves to find a solution on their own. To avoid this, keep lines of communication open and provide regular updates to all teams involved.

4. Educate Colleagues

Help your company understand the implications of Shadow IT and the benefits of increased collaboration with the IT department. Consider showing them case studies of Shadow IT gone wrong – share with them the implications of rogue, unapproved technologies.

5. Stay on Top of Innovative Technologies

You can also stay ahead of your company’s workgroups by knowing about new solutions before they do. This requires quite a bit of effort for an IT team. They must monitor all fields relevant to their workgroups and understand how emerging technologies within them could empower them. This puts IT in an ideal situation to pitch solutions to each workgroup, instead of the other way around. You can research each option and choose to present only the strongest and best-aligned solutions.

6. Identify and Fill the Gaps

You may find a workgroup needs a solution that doesn’t exist. Rather than encourage and support them in an endeavor to patch together a shoddy collection of home-grown or slickly-marketed tools built by amateur developers, consider building a custom solution for their needs. If you don’t have the development resources for this effort or your existing IT team doesn’t have the expertise, consider partnering with an experienced team.

Pivoting to Avoid Shadow IT

As Shadow IT becomes a bigger issue, CIOs face growing pressure to keep their company data safe and monitor all internal technologies. Without the cooperation and collaboration of all company workgroups, this task is impossible.

To minimize risk, I encourage you to run an audit of all systems that fall outside your purview. Which pose an actual threat, and which can you adopt under your umbrella of systems?

Following this internal review, I encourage you to put together a plan of how to support other workgroups moving forward.

If you need help integrating systems or building custom solutions to meet the needs of specific workgroups, our team may make a great partner for yours. Contact us to learn more about how we work with businesses to reduce Shadow IT and encourage collaboration between teams.

5 thoughts on “How to Avoid Shadow IT: An IT Leader’s Guide”

  1. I just wonder why IT often rejects FileMaker, saying ΓÇ£it is not an enterprise standard programΓÇ¥. They would rather bring in a more complicated database solution that is ΓÇ£enter pride standardΓÇ¥, costs 10 times more, takes 18 months to deliver & when implemented doesnΓÇÖt solve the problem. So, it never gets used.

  2. As the previous poster acknowledged, I have bumped shoulders with several University Staff and Hospital Staff over the years that had come to DevCon to learn how to better utilize this ΓÇ£newΓÇ¥ software they had purchased (typically using personal funds not corporate) called FileMaker Pro, had created the humble beginnings of a useful database, and wanted to explore itΓÇÖs capabilities. They had tried the official IT route, been turned down or been exasperated at the time, cost, and/or approval process and had discovered how quickly and easily they could do it themselves using FileMaker.
    Although you have excellent arguments in this article how it has an ugly side, this has also allowed FileMaker to enter into large corporations in a way that your article is arguing against. Double edged sword!

  3. Pingback: Today’s Biggest Cyber Security Threat is Inside Your Business – WTW Jasa Sdn Bhd

  4. Pingback: Shadow IT is Today's Biggest Cyber Threat to Businesses - Blockchain Education Academy

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top