Learn to Live in the Shadow: Accepting the Existence of Shadow IT

Want to know the best way to shut up a technology executive?

Simple. Ask them how they handle shadow IT at their firm.

As you might have seen, I wrote a feature this month looking at shadow IT. It’s a unique topic, as it’s one that plagues nearly every firm to some degree – whether they’d like to admit it or not – but it’s not an issue many technology executives are keen to discuss.

The story is one I’ve been working on for months on the side because of how difficult it was to gain traction with it. Even when bringing it up at our conferences, I was often met with blank stares and brief answers before the topic was quickly changed to something more palpable.

And that is the biggest issue with shadow IT: executives’ insistence that it does not exist and/or will not impact their firm.

Acknowledge the Issue

A C-level technology executive outright refusing to believe shadow IT is present at his or her firm can only lead to bad things. The fact is that there are likely to be at least some projects being worked on that your technology department is not aware of.

Granted, I’m not saying every firm has mission-critical platforms running unbeknown to the tech team, but to operate under the belief that all the company’s technology is run entirely under the IT department seems a bit naïve.

To be honest, that line of thinking reminds me of supporters of abstinence-only sex education. Sure, in theory the best form of contraception is abstinence, but that’s in an ideal world. Teenagers have sex. Educating them on the ways they can do so safely – as opposed to ignoring that option altogether – seems like a much more logical choice.  

That’s why I don’t buy the philosophy, which was pitched to me by plenty of executives I spoke to, that shadow IT can be avoided altogether if the organization has good communication, is transparent, and does its job well. Would a chief information security officer (CISO) not have a plan in place for what steps should be taken if his or her firm is hacked? Of course not. So why have the same approach when dealing with shadow IT?

Changing Times

Still not convinced shadow IT is something you should worry about? Even if your firm really is the diamond in the rough and completely free of shadow IT, its chances of maintaining that environment will only get increasingly difficult in the coming years.

Let’s first take a look at the type of employees entering the work force now. Most young people, regardless of whether they are planning on getting into IT or not, have a strong grasp on technology, and some even have a working knowledge of how to code.

It’s not restricted to just the youth. Those later in their career can also pick up technology skills quickly thanks to the number of classes and tutorials available online for little to no money.  A person with enough motivation, and a little bit of time, can quickly learn skills traditionally believed to reside solely in the technology department.

The better understanding a person has of technology, the more likely they are to try and go at it alone, without proper supervision, or ask for some help from a developer who is potentially bored with his or her day-to-day responsibilities.

It’s not just the people who are changing. The tools they have around them are evolving as well, making it much easier for them to spin a solution up quickly. The increased adoption of cloud technologies at financial services firms has opened the door even wider for employees outside the tech department to create and implement their own solutions.

With all of those factors leading to an increased presence of shadow IT at firms, why continue to maintain the position that it is non-existent?

I understand that it’s not necessarily something you root for. Shadow IT projects have caused major issues for firms, especially when the ones leading it leave the company for another firm, which is often the case. But to choose to completely turn a blind eye to it seems foolish. Better to get out ahead of it than get left behind.