David Reiss, Principal Consultant, Digital
Transformation, Equinox IT
“Shadow IT” means the creation of IT systems without specific approval of the IT team. In the good old days, this was mostly limited to users creating Microsoft Access databases and complex Excel spreadsheets.
IT teams used to feel the same way about Microsoft Excel and Access as they did about viruses. They appeared innocuous at first. But then they spread throughout the organisation, increasing IT support requirements and often resulting in company data being lost.
Staff felt justified because they made themselves more productive; it was faster than waiting for the IT team to build something. But over time, increasingly complex applications based on Excel and Access became mission-critical.
The IT teams knew that over their lifetime, these applications cause massive ongoing costs and present significant risks. But to try to stop them was to literally stand in the way of progress.
Today, most Shadow IT takes the form of cloud applications, which are simple for anyone to setup and use. Consumer services like Facebook, Google Apps and Uber have shown us all how easy cloud services can be. The IT teams, however, are tasked not only with trying to innovate quickly, but also to maintain good security and reliability. Business technology isn’t as simple as consumer solutions – and they know that “simple” doesn’t always mean “good”.
Dropbox is a cloud service many people flocked to – including business users. But hackers stole 70 million email addresses and passwords from Dropbox, which is a massive risk for business data stored there.
There is a worrying trend for businesses to look at Shadow IT as great examples of becoming digital. But in truth it is the exact opposite. Becoming truly digital means deeply and strategically incorporating technology in everything we do.
Shadow IT, on the other hand, is a very tactical response to a specific need. It is the proliferation of piecemeal solutions, which will likely limit the business in the future.
For example, being digital relies on being able to derive deep insights about customers, markets and trends using Big Data. This isn’t possible if data is scattered in a range of cloud solutions that the IT team don’t even know about.
History is repeating itself; and we need to learn from the past to avoid the same mistakes
I have witnessed many Excel spreadsheets and Access databases become part of a critical business process, only to be corrupted or deleted – with no backup in place. [Full disclosure: I was responsible for several of them]
The only way to stop the Shadow IT virus is for the business and the IT team to work together more closely. Business people need to see IT as their responsibility too – just as the IT team need to consider themselves responsible for unleashing business initiatives
Technology decisions don’t have to take months of analysis and planning. But neither should they be made in isolation. A new balance is required. You need a common language between the business and IT – a shared plan and vision of the digital future. A simple visual model is the easiest way to get everyone on board. The goal is to quickly set the direction, not the destination, so work can start quickly.
Once the direction is understood, tactical solutions can be adopted in parallel to strategic ones. Investment can be made knowing whether they are short-term "throw away" initiatives or part of the long term goal. Agile and Lean methodologies should be used where possible. These approaches (done properly) create a new culture. The barriers between the business and IT stakeholders are removed – and there’s no need for Shadow IT.