Is Shadow IT Impossible to Control?

Hiding in the shadows, rogue IT systems are taking root. People are concocting their own IT applications in Excel and Access, and have been for a long time. Now managers are even more tempted to reach outside the company’s IT infrastructure for the powerful and affordable open source, cloud, and mobile apps on the market. Whole departments are quietly declaring independence and even putting their own IT systems in their budgets.

IT has been in charge of information systems for a reason. Data security and intellectual property are at risk when inexperienced people cobble together stand-alone applications. Valuable information can accumulate in isolated databases, when it should be integrated with the company’s other systems. When a business group develops or buys a solution, they don’t always think about tech support. And if the shadow application is the domain of one employee, the department is at a loss if he or she moves on.

Control is the answer in many companies. These organizations believe rogue solutions are a threat that must be uncovered and shut down. Directives say that no computer technologies or systems are to be used except for those coming from the IT division. Employees using unauthorized tools are subject to disciplinary action.

In reality, however, full control is probably not possible. And why are users rebelling? CIOs must ask themselves why people are ignoring official channels. Something is not working. Maybe IT is simply not serving the needs of the business. CFO Catherine Lesjak speaks on the cloud, shadow IT, and tumultuous times at HP in CFO magazine, saying, “When a business leader goes to the CIO and says he wants a new service and the CIO says it will take six months to set up, test, and deploy, the business guy goes to a cloud provider who says he can get it set up in two weeks.”

An adaptable, forward-looking company—the only kind of company with a chance of long term survival—will see things differently. The best CIOs are moving away from a sole focus on applications and infrastructure, believes Christian Verstraete, HP’s Chief Technologist, Cloud Strategy. They are seeking, evaluating, and supporting the IT services that the business needs—wherever they are found. The IT division is equipped to vet promising third-party services, and able to deal with governance, corporate policy, security measures, and integration issues. To become the honest broker of strategic services, Verstraete says, the CIO’s challenge is to transform the department, manage change and provide the right resources for its new mission.

Making the internal IT department fast and responsive is the goal of the agile, scrum, and lean IT movements. They propose an iterative approach to system development, small projects that can be accomplished quickly, frequent new releases to users, and rapid feedback. Quite a contrast to the big, slow, feature-laden approach of the past.

Bringing shadow IT into the light will be possible when companies leave behind the need for control and welcome new approaches to doing business. With clear policies, education about why those policies exist, better listening to new thinking, a willingness to solve problems, and more collaboration, people will stop hiding new IT approaches that could make the company better.

Whether the system is developed internally or leased from a third party should not start a turf war. Ultimately, everyone needs to focus on designing, choosing, and implementing IT systems that support the company’s ability to provide a product or service of value to the customer.

Karen Wilhelm has worked in the manufacturing industry for 25 years. She publishes the blog, Lean Reflections, which has been named as one of the top ten lean blogs on the web.

    September 10, 2012

    Some opinions expressed in this article may be those of a contributing author and not necessarily Gray.

    Get the latest.