AI Insights
Showing results for 
Search instead for 
Did you mean: 

CIOs bring shadow IT to light (by engaging IT)

Guest post by John O'Donnell

Cloud computing has made a lot of things about enterprise IT simpler—but it has also made a few others far more complicated. Shadow IT, also known as the consumerisation of IT, was once considered a waste of money and a risk to the security and stability of the legitimate IT infrastructure, but it's often the source of most IT innovation and spending efficiency. "It's not about technology or blocking access or back office support," says Alan Guibord, co-founder of The Advisory Council International. "It's about helping the company achieve its goals through technology. It's forming stronger partnerships with others inside the organization, rather than maintaining governance and control."


Business-unit managers argue that their ability to respond to rapidly changing markets often depends on using technology IT won't provide, or at least will not provide quickly enough, Yates wrote. This has caused a wide divide between the culture of IT and end users in the enterprise; a survey of IT executives found that nearly 72 percent of executives aren't sure how many shadow applications are being used in their organization, with a mere eight percent reporting that they truly know the scope of shadow IT in their organizations. Shadow solution advocates argue that the increase in flexibility is more than worth the potential risk of using un-vetted online services, and that revenues and productivity will rise as a result.

Avoiding shadow IT

But not everyone views shadow IT with rose-colored glasses. Experts differ on the consumerisation of IT. On one hand, it can be considered a duplication or waste of resources, a source of security risks, and a way to unintentionally torpedo efforts at regulatory compliance. Doing this allows users to take sensitive data out of protected, auditable databases and put it in publicly accessible storage spaces, where it's easier to share among members of a team and where IT can't monitor it. But what about those people who you don't want to see it? It opens up more vulnerability that can be very costly.

The best way to avoid these shadow projects, however, is not to try to crush them, according to studies from IDC and Gartner. It is far more effective to partner with shadow IT managers in business units—offering training, adding security, and generally reinforcing the weaknesses of shadow projects—without shutting them down entirely.

There are other ways to reduce the appeal of rogue projects, as well. Shortening the time it takes to test and implement new information systems also reduces the frustration of end users waiting for them to be approved, as well as the likelihood that they will go outside the company to rent the technology they think they need from a cloud provider. Embracing the cloud by identifying cloud providers that are secure, then adding single sign-on gateways (automatic monitoring of potentially unsafe activity and data) can also make end-user behavior safer without keeping them from using applications they think they need.

Out of the shadows...

Being proactive about telling end users IT's concerns, identifying genuine threats and describing ways to avoid them, and being specific about online behavior that won't be tolerated will also give end users a measure of freedom without suggesting they have carte blanche to post the company's most valuable data on a social networking site.

Above all, talk to the users that make up your enterprise: They alone can answer why they aren't coming to IT with their requests, be it too much red tape in the approval/fulfillment process or even a pressure to be all-productive due to increased global competition and the necessity of being agile to survive. Identify areas of opportunity to optimize the experience of your employees as well as their workload. Communicate IT's concerns, listen to what your users need from IT, and create the middle ground where none currently exists.

...Into the light

Most experts advise CIOs to try to work with business units running shadow projects rather than closing them down altogether. Mingay advised CIOs to respond with support that can mitigate the weaknesses of business-unit-provided IT services without making IT seem like the bad guy. "Bring shadow IT out of the shadows, make it transparent, provide services that support it," he told Forbes.

The CFOs' top priority, it turns out, is creating or maintaining an enterprise-wide view of business relationships, customers, products, and vendors—a function undermined directly by almost every form of rogue IT project. Neither CIOs nor CFOs should try to stamp out this consumerisation, however; trying to deny a service that's often difficult to detect as it passes through the firewall is frustrating to both IT and end users. The CISO also needs to be involved in managing shadow IT. "CISOs," says Amrit Williams of Dark Reading, "need to put an end to draconian policies that restrict behaviors such as the use of mobile devices, cloud apps and new software tools. They need to allow the business to adopt new technologies, especially those that improve productivity and efficiency while lowering costs."

A better plan, according to former IT director at the University of Michigan Tim Rolston, is to allow user-driven IT projects where they make sense and where you can afford to protect and manage the organization with frameworks of support services, or "gap solutions." In the interim of adapting the enterprise's culture surrounding IT availability and reliability, this angle alleviates gaps created by new shadow projects without limiting the ability of employees to find innovative ways to do their jobs more effectively.

Systems that make select cloud services more accessible and more reliable; anti-malware and intrusion-prevention systems that will keep the company safer; and data-access controls that will keep sensitive data from going missing in some individual Dropbox can improve the experience and results of shadow IT projects without driving a wedge between IT and end users.

Judy-Anne Goldman
0 Kudos
About the Author


My work with HPE's Enterprise.nxt team gives me a way to share my passion for emerging technology. I love connecting people to innovation, and sharing stories that help others engage with and understand the world around them. I'm a digital nomad, often found traveling with my micro companion KC, a 10-pound mini Dachshund.

Online Expert Days - 2020
Visit this forum and get the schedules for online Expert Days where you can talk to HPE product experts, R&D and support team members and get answers...
Read more
HPE at 2020 Technology Events
Learn about the technology events where Hewlett Packard Enterprise will have a presence in 2020
Read more
View all