How To Control Shadow IT

The ready availability of cloud services has eroded IT's control. Here are some ways to wrest it back.

Penny Collen

November 4, 2015

5 Min Read
Network Computing logo

Cloud services have made shadow IT the bane of life for many CIOs, but the phenomenon has actually been lurking for years. While it was fairly easy to control IT in the days of the mainframe  -- no single department could afford the investment in hardware and applications to run things independently, let alone have the necessary knowledge and skills --  the advent of managed hosting changed things. Soon, IT was taking inventory at midnight, trying to find out where unauthorized equipment was hidden. Another wave of shadows emerged with the distribution of personal computers. Staffs outside of IT used corporate credit cards and expense accounts to buy laptops and  popular applications at the local computer store.

Then when cloud technology adoption took off, the shadows grew deeper. Now we have mobile devices with mobile apps downloaded in seconds from the cloud, all satisfying some distinct business “need.” The Internet of Things is becoming integrated into daily lives, along with shared storage services like Dropbox and Google Drive. Service provisioning makes it easy to procure resources with no commitment and no internal approvals. Trial-to-buy sucks users in who believe there is no financial commitment -- until of course finance gets the credit card statement. We read and respond to business emails on our mobile devices, sometimes sharing attachments with others.

For years, shadow IT was recognized as an economic challenge. Money being spent outside of IT leads to a proliferation of unrelated solutions. Economies of scale are supposed to be realized when the CIO controls buying decisions and enforces standards across the entire business. Applications are integrated to share data, reducing waste, errors and data synchronization issues. Failure to have a “single source of truth” for critical reports results in wasted time and gross inefficiency. Productivity slips as employees try to understand conflicting reports, making consolidation of data difficult. Sadly, as business users get their service up quickly, the desire to use shadow IT to “fix” a problem actually increases.

Today’s highly mobile world presents another major issue: security threats. People love new technology and want to share the shortcuts they have found.  If the new skill or new app appears to help in the workplace, it spreads like wildfire.  Unfortunately, when IT loses control of the applications and devices employees are using to create, send, and store confidential corporate information, risks of data breaches soar. The cost of determining the source of the breach, and taking corrective action can be great, and  failure to meet compliance requirements can have serious legal consequences, including fines. Security breaches can lead to damaged corporate reputations and loss of public trust.

Figure 1:

Image: geralt via Pixabay

Shadow IT will never disappear, however, action can be taken action to reduce the impact on your organization. First, understand where it is happening, then figure out why it is happening. Bringing dollars into the IT budget to centralize payments is only part of the solution; steps must be taken to deal with the root cause.  In most cases, IT is perceived as a road block, slow and reluctant to embrace change. IT needs to step up to the challenge of changing its image by become more agile in adopting new technology and making it available for the business.

In order to get shadow IT under control, identify what’s being used without company approval. Finance may have reports of payments classified as technology that were paid directly to vendors by non-IT departments. Network tracking and analysis can reveal IP addresses for destinations stored on your routers. Don’t overlook the obvious water cooler chatter; people who have found what they think are good solutions are often eager to share that news.  Increasing communications between the CIO and other department heads can reveal shadow IT activities.

Once charges are identified, centralize the invoicing under the IT budget. In order to best manage these invoices, the CIO needs a robust IT financial management tool that can assimilate a variety of supplier invoices. It's important to understand exactly what resources are being used, how frequently they are used, and who is using them. There must be an understanding of why the money is being spent, associating the consumption with applications or business functions to assess the value being delivered. Providers need to be managed not only financially, but strategically from a resource basis to ensure the corporation is using the right providers with the right service offerings at the right price and service level.

The CIO also must transform IT into an organization recognized for its agility. This can only happen when the CIO begins from an educated vantage point, using comprehensive information related to how applications and devices are being used across business units, departments, and locations. Historical details by technology type facilitate forecasting and the ability to manage costs effectively. Tracking demand by consuming organization and matching that demand with supply will maximize efficiencies, allowing IT to deliver services in a more timely manner and also save money.

When IT becomes a trusted advisor for technology choices, the entire corporation benefits. IT would much rather be viewed as the provider of choice rather than the provider by edict. When accepted as a true partner with the lines of business, IT can facilitate bringing new products and services to market faster, increasing revenues. By implementing cost transparency reporting, IT can quantify the dollars involved in various options and increase the awareness of the cost of shadow IT and rogue spending. Transformation is hard, but with the right facts and data, the investment can be highly productive for all.

About the Author(s)

Penny Collen

Financial Solutions Architect, Cloud Cruiser, Inc

Stay informed! Sign up to get expert advice and insight delivered direct to your inbox

You May Also Like

More Insights