I have had the pleasure of leading IT departments in three different organizations. In the early days (the 1990s, 2000s) IT departments did it all. They built networks, installed the wiring, provided and managed servers, computers, and printers, email systems, and all the software applications. IT managed corporate applications such as HR, Payroll, and accounting systems. Shadow IT wasn’t a thing back then other than perhaps the occasional person who had a family member in a computer store who could get them a great deal on a computer for less than the IT department could. Or perhaps that accountant or engineer who wanted to use a non-standard software program so they purchased the package with their department budget and figured out how to install it. Fast-forward to the past 5-10 years and we find a larger version of “rogue users” called Shadow IT.
Shadow IT Defined
The Internet and the truly digital nature of software, and of course the cloud, has and continues to game change IT. It is pretty simple now for the corporate staff to purchase their own solutions with their own department budgets. They can purchase subscriptions to sophisticated enterprise-grade systems from a variety of vendors. Or, they may sign up the company for a smaller solution, perhaps for booking and managing events or create a department website or to perform project management. There are solutions for many large common and obscure business needs and many can be subscribed to with a credit card. There can be significant security and data privacy implications for this approach to acquiring IT services without due diligence!
In my experience, people just want modern tools and systems to support their work and they want their technology to function correctly. When they have problems, they just want them resolved, and quickly. IT departments have historically gained the reputation of being the department of “no”. People want a new something or a better this or more access to the systems they have to be more responsive to their needs. IT has historically been known to say “no” more often than not. Often the people IT is saying “no” to are people with power and influence. This approach is not going to end well for IT departments.
I found that when IT provides good solutions, is responsive to current and emerging needs, and goes out of their way to get to “yes” for those they support, the relationship between non-IT and IT staff is substantially better with greater trust. IT staff generally want to provide what people want and they want to be helpful. But, over time, controlling and restrictive policies were developed and IT departments boxed themselves in. Now is the time and opportunity to do things differently.
How to Harness Shadow IT
In the mid-2000s, my team members and I at a school district where I was IT manager were planning out an enterprise wireless network across 70 schools. At that time there were increasing numbers of “rogue wireless access points” being brought into schools by staff where they set up their own “home-style” networks connected to the school’s network. You can imagine the havoc this wreaked on the network and the resulting conflicts with IP addressing, etc. Rather than “ban” these devices, we invited schools to find them and let the IT department know. IT then provided a wireless access point configured according to District standards – not an enterprise solution but a standard unit and something we could manage on our way to enterprise wireless. Schools were quite willing to trade in their “rogue” WAPs for District supported WAPs. Essentially, the District at that time was not fulfilling a need and people found ways to try to address it themselves. The moral of this story is when you detect shadow IT, whatever form it may be in, it probably arose due to a gap in what the central IT organization is providing.
Another way to harness shadow IT is to leverage a collaborative approach to decision making and design. I found success in forming ad-hoc working groups, design teams, and advisory committees and inviting representatives to participate from business departments and schools. Together we would work through problems, needs, and solution definitions. I would seek the necessary funding and support and arrange my team’s capacity, and we would do our best to make things happen. IT is no longer an island unto itself if it ever really was.
The solution to shadow IT, in my opinion, is to seek it out in a non-threatening way with a clear objective of finding out what unmet opportunities there are within your organization. Then, work with people to figure out an enterprise way to satisfy the need. Generally speaking, most people just want good tools to do their work and quality responsive support. Central IT can actually be pretty good at meeting these needs. For the more complex systems such as enterprise resource system or HR / Payroll systems, a partnership with the parts of the organization that requires these, makes sense where IT and business staff work together to select, implement, and support these systems.
I say embrace shadow IT by looking for the opportunities and then step up and meet the needs!