Shadow IT — Enterprise IT’s love/hate relationship

You’ve probably seen ‘it’. You’ve probably been a part of ‘it’. The bigger your business gets, the bigger the shadow. It’s ‘shadow IT’… 🦇

Shadow IT is the use of IT-related hardware or software by a department or individual without the knowledge of the IT or security group within the organization. It can encompass cloud services, software, and hardware — CISCO

Shadow IT can be seen to be highly disruptive to a business or a massive opportunity for the business to sky-rocket their capabilities, reduce costs, or even make the lives of their employees easier. In this article, we’re going to talk about why shadow IT can be disruptive, why it occurs, and how to make the most of it when you see it!

Why Shadow IT can “hurt” your business

Imagine you let your friend borrow your car and the next time you drove it, it's suddenly dangerously faster because your friend gave you a secret ‘upgrade’ to your engine. There are a few things you might be thinking:

1. How much is the upgrade going to cost me? Does it consume more fuel?
2. Is this upgrade even legal?
3. Will this vehicle be controllable?

This analogy is very similar to the question an IT team may ask when new software or infrastructure is being adopted without authorization from the IT team. Adopting non-compliant technology could lead to some issues such as:

1. Wasted technology spending
2. Legal ramification due to breach of IT governance requirements
3. Loss of productivity due to overlapping system capabilities
4. Security vulnerabilities

But why does Shadow IT happen?

Like how weeds grow on a lawn, Shadow IT slowly grows unnoticed until it gets almost unmanageable. Shadow IT often occurs when compliant technology does not meet the functional requirements of staff. For example, if Microsoft Teams is limited to intra-company communication. If a staff member needs to communicate with multiple 3rd party organisations, they might decide to set up a Slack account for Slack’s multi-workspace capabilities.

So how is Shadow IT managed? and how can you make the most of it?

The great thing about Shadow IT is that when it becomes an issue, it often means there is a high-level adoption of the technology in the business, and incorporating it into your business-compliant technology stack could help realize multiple benefits such as:

1. Reduced costs when consolidated under an enterprise contract
2. Reduced security risks and attack surfaces
3. Compliance with IT governance requirements

In order to achieve these benefits without the negatives associated with Shadow IT the following steps should be followed:

Shadow IT Management Process — www.plutora.com

1. Discover and Identify — The first step is to improve your business's ability to detect non-compliant technology. This can be done by implementing monitoring tools such as ManageEngine
2. Evaluate and Analyse — At this point, you or your IT team can begin to identify compliance risks and benefits of the technology. During this phase if the technology is identified that cannot hold up to your business's compliance requirements, usage of this technology can be banned/blocked. On the other hand, if the technology could be compliant, it might be beneficial to adopt it.
3. Manage and Continuous Monitoring — Managing the technology could mean adopting the technology into your list of compliant technologies. This could include adopting enterprise-level contracts to reduce costs, enabling integrations with the compliant systems to improve interoperability, virtualising the technology to increase security, and adding single-sign-on to improve productivity.

If managed correctly, Shadow IT can be very beneficial for an organization. Shadow IT is often an indicator of growth within a business unit or team and in order to capitalize on this opportunity, all businesses should adopt the above three steps!