Shadow IT is not necessarily a threat to the IT organization. In fact, it can be an effective way to meet changing business needs and create a greater understanding between IT and the business. But IT leaders must do a better job of identifying, assessing and managing these once stealth systems to both manage their risk and reap their benefits. CIO.com talked to Wright about how IT organizations should rethink their relationship with this realm of IT systems.
CIO.com: The term is largely a pejorative in IT groups—or used to be. What are the legitimate reasons for concern about shadow IT?
Craig Wright, managing director of outsourcing and technology consultancy Pace Harmon: Shadow IT has traditionally had negative connotations for IT groups as it is often perceived as a serious threat to the continued existence of IT as a function.
Many IT organizations have evolved over time, morphing to accommodate major transformation projects such as ERP implementations AND refreshes, re-platforming from legacy technologies to current day solutions, and extending or contracting based on mergers, acquisitions, and divestitures. As a result, the size, shape and composition of the traditional IT organization is often as confusing and complex as the myriad of technologies that are woven together into a tapestry of IT solutions that are constantly challenged to keep up with business needs.
Contrast that dynamic with shadow IT, which is often set up by the business for the business, very well aligned with the affordability and competitive demands of the business, is easily understood as it aligns perfectly with the business functions OR products, embraces the latest and greatest technologies via SaaS, PaaS, IaaS, and other consumption-based models, and is agile by design—not as a costly retrofit.
While shadow IT often appears to win over the traditional IT group, this is not the case where organizations have legitimate concerns in major technology areas, such as:
- The ability to scale to deliver and support enterprise-wide solutions
- Conformance with regulatory and quality requirements, particularly where design, construction, installation, operation, or performance [is auditable]
- The continued use and integration of legacy platforms where there is no as-a-service alternative and down and dirty IT programming skills are required
- The need to address the corner cases where there is no real business case, but there is an absolute technology-driven need to address obsolescence, vulnerabilities, customization, or localization requirements
CIO.com: So what’s the upside—not just for the business, but also for the IT organization itself?
Wright:Shadow IT demystifies IT. It is a trusted model, relatively inexpensive, and established along operating principles that are clear and obvious for consumers. Enterprise users of IT often have difficulties understanding the terminology and definitions of services used by IT and are even more puzzled by the costs and time to achieve desired outcomes. IT functions that recognize the value of bringing shadow IT under the IT umbrella are viewed by the business as being less intimidating and much more business intimate.