Shadow IT: what it is, and how you should deal with it

Bringing IT out of the shadows
Bringing IT out of the shadows

The modern workplace is changing.

With new technologies, trends like BYOD, and the consumerisation of enterprise IT all creeping into the office, businesses can face an uphill task maintaining control of their systems and what their employees are using them for.

One expression related to these changes is 'shadow IT'. We spoke to Perry Gale, VP of workflow specialist Nintex, to find out what this meant and how organisations can manage the challenge it poses.

TechRadar Pro: So what is Shadow IT exactly?

Perry Gale: Shadow IT describes an increasingly common phenomenon impacting business around the world. It concerns the unauthorised use of hardware and software that is not supported by an organisation's central IT department. In many cases the IT department has not approved the technology or doesn't even know that employees are using it.

There are number of reasons for its rise, but core to these is the fact that we are all now IT consumers. The increase in BYOD and subscription-based cloud services is great for users in their domestic lives, but an increased knowledge of IT and its potential has produced very high expectations that are often not met by their business IT systems.

TRP: Why is it considered a threat?

PG: There are undoubtedly security risks when unsupported hardware and software are not subject to the same security measures that are applied to supported technologies, and by taking up bandwidth the technologies can negatively affect the user experience of other employees.

TRP: What impact has the consumerisation of IT had on the rise of shadow apps?

PG: Business IT users today increasingly think "if I can't get it now, I'm going to start signing up to services".

They want easy access and we find that most people, whilst concerned about security, still use personal Dropbox accounts, Mailchimp, Salesforce and other cloud and software as a service (SaaS) products for work.

In fact a recent Frost & Sullivan survey found that more than 80 percent of respondents admitted to using non-approved tools.

TRP: Why should companies stop trying to fight shadow IT?

PG: Employees are not using these apps and systems for personal gain or misguided reasons; they are using them because they allow them to do their job more easily and efficiently.

Almost half of the Frost & Sullivan report respondents stated they were familiar with the non‐approved software, and were therefore more comfortable using these 'shadow apps'.

This says a lot about a business' processes and systems, when employees favour apps like Dropbox or Salesforce over those designed for their working environment.

TRP: What can companies learn from shadow IT?

PG: Too many business IT systems are designed for the developer, not the user, making them unnecessarily complex for most workers. Shadow or unauthorised tools present an alternative that is much quicker and easier to use.

If these apps are making it easier for employees to do their jobs, then they are actually benefiting the business, improving productivity and efficiency and ultimately profitability. Rather than eliminating shadow IT, companies should see it as an opportunity to make their own processes more user-friendly.

TRP: How is the role of IT departments changing?

PG: IT departments are facing an increasing need to strike a better balance between flexibility and control.

At a Nintex user conference in London in April, many of our customers reinforced this point, saying that they saw the value of using consumer tools at work, but they wanted greater oversight to allay any security fears.

The fact is it is possible to give users what they want now whilst still retaining a level of management over the systems in use, and it comes through process.

Effective processes allow IT departments to oversee and orchestrate activity between this patchwork of different existing products whilst retaining the ease of use employees expect.

TRP: Why are governance and process so important?

PG: Each user has different needs and each department has different requirements. Marketing may require social media tools or CRM applications like Salesforce, whilst accounting may require bookkeeping tools like Sage One.

In practice this means that multiple and disparate tools are used by different groups within a company. This can lead to data siloes, making it difficult to police and secure and also near impossible to help users when they have issues.

A compromise is required and this is why we at Nintex are focused on providing the right solution. 'Above the cloud' solutions such as Nintex Live bring together tools like Yammer, Box, Google Drive and Twitter under one umbrella within the Microsoft SharePoint architecture.

Together, these tools make it easier for users to complete day-to-day activities and for IT departments to manage.

The system makes it easy for organisations of all sizes to automate business processes, all without a single line of code. One of our customers from Costco, for example, said he would have to employ 10 developers to deliver what Nintex delivers for the company.

Desire Athow
Managing Editor, TechRadar Pro

Désiré has been musing and writing about technology during a career spanning four decades. He dabbled in website builders and web hosting when DHTML and frames were in vogue and started narrating about the impact of technology on society just before the start of the Y2K hysteria at the turn of the last millennium.