Is Shadow IT casting its shadow over your organization?

  • There are pros and cons to Shadow IT

  • Shadow IT forces IT to consider new technologies

  • Shadow IT presents great security and compliance risk

Shadow IT. While it sounds a bit cloak and dagger, and actually denotes a practice that’s a little on the sneaky side, it is a legitimate business term referring to the use of IT systems without organizational approval. Shadow IT has no doubt grown as a result of the popular practice known as Bring Your Own Device (BYOD), wherein employees use their own mobile devices for work. The two seem to go hand in hand.

It’s a trend that is growing — over half the 200 business leaders Lopez Research interviewed in Q1/2014 admitted to using at least one service or application for business (such as cloud computing, cloud storage, or an SaaS application) without IT’s consent. And your IT department’s concern is growing right along with it because of the great security and compliance risk to the organization. However, on the plus side, Shadow IT forces the IT department to consider new technologies that may prove more efficient than what is currently being used.

With the right approach, the risks of Shadow IT can be mitigated and the opportunity honed. Rise to the challenge with these three steps:

1. Assess why employees are using certain technologies and what they can bring back into sanctioned IT services.

Once you’ve discovered why they like these tools, evaluate what functions you can change in your existing solutions to meet these goals.
2. Consider adopting the technology if it already has traction.

Once you’ve identified the services and apps your employees are using, consider embracing them. If they aren’t enterprise-grade, identify an enterprise-grade equivalent, and educate users about why the organization prefers it.
3. Provide a method for employees to discover corporate sanctioned apps.

Enterprise mobile management solutions provide an enterprise app catalog where IT can load, distribute and manage all sanctioned, custom, third party and SaaS apps. These solutions also support the distribution and management of cloud services apps such as document repositories. Other cloud services, such as cloud infrastructure, should be turned over to IT for management to ensure security, as well as the ability to connect cloud services into data sources. Business unit leaders can recommend and fund these solutions, but IT should assume management.

Meeting each other halfway is a workable solution. Users should share information on what they are currently using and be willing to accept more secure versions of certain services. And IT should be willing to evaluate new solutions if they can provide the proper security and auditing functions.

What are your strategies for minimizing the risks of shadow IT?

Maribel Lopez is the CEO and mobile market strategist for Lopez Research, a market research and strategy consulting firm that specializes in communications technologies with a heavy emphasis on the disruptive nature of mobile technologies. AT&T has sponsored this blog post.


Maribel Lopez CEO Lopez Research About Maribel