Shadow IT is no longer in the shadows but has become a topic of serious boardroom deliberation among enterprises and people who take care of IT in the companies. A number of Indian enterprises have also stepped into the room to take note of the repercussions and pitfalls associated with shadow IT. Technology purchases and management, in a number of cases, are being done by non-IT managers and employees across the company, including executives. And, by the way, also IT employees themselves. The purchases by the non-IT executives are allowing the influx of untested technology into the company.
SHADOW IN LIGHT
Well, the definition depends on your interpretation which might vary from individual to individual or from company to company. But the existence of shadow IT can not be ruled out, since it exists in every company, enterprise, and market. In any company, shadow IT paves inroads through employees who insist on using their personal devices, such as iPhone, iPads, smartphones or apps to access business applications. Today there are multiple ways to describe it, since in many cases shadow IT comes into play due to buying by multiple people or heads in the organization.
What describes it best is a Gartner explanation. “In the past, shadow IT was often the result of an impatient employee’s desire for immediate access to hardware, software, or a specific web service without going through the necessary steps to obtain the technology through corporate channels. With the consumerization of IT and cloud computing, the meaning has expanded to include personal technology that employees use at work (see BYOD policy) or niche technology that meets the unique needs of a particular business division and is supported by a third-party service provider or in-house group, instead of by corporate IT,” writes David J Cappuccio, Research VP, Gartner, in a blog post.
Enterprise IT (both software and hardware) which has not been bought or built with the IT team’s approval or support is commonly used in most of the companies and so is shadow IT. “These are often systems that the enterprise IT teams are unaware of and hence they term it ‘shadow’. It has a negative connotation, as typically these systems come into the IT team’s radar only when there is an incident related to failure, lack of support, data security, fraud, compliance or audit,” opines Samir Khare, Chief Information Executive, Fullerton India Credit Company. In his opinion, the simplest examples of shadow IT in any company are the extensive use of macros based on Excel or equivalent tools which are often written by end users and usually never known to the enterprise IT team. Some other examples are the cloud solutions on storage (Dropbox, Google Drive, etc), cloud solutions on compute (AWS, etc), personal computing devices especially once concepts like BYOD have been deployed in an enterprise.
TOO MANY COOKS
Clearly, the core reason for shadow IT seeping into an enterprise is often the same across industries viz. employees’ need for immediate and cheap technology solution to automate or resolve the problem at hand instead of waiting for a structured solution which is designed keeping in mind the company’s objectives and can be supported and maintained by the IT team. At least Khare puts this view very strongly. However, there is a big shift as far as buying technology is concerned. In many companies, technology buying is being done by various people in different roles in the company without the knowledge of IT department. Hence they have not tested the solution and so approved. It often leads to shadow IT spread in the company. “Technology buying done by business managers often brings applications into a company’s system which are not tested or in some cases deemed fit. Even if they have bought licensed applications, it is very important that these applications are bought in connivance with the IT department in order to eliminate shadow in the company,” regards Satyajit Sarker, General Manager, IT, DTDC Courier & Cargo.
Hence there is little control of the IT department on other departments as far as technology buying is concerned. For applications to sync with the overall IT system is important and is only possible if the IT department tests the applications before they are deployed. But often executives take this risk. “Often executives are not aware of the consequences the applications they have bought for their department can cause any inconsistency to the enterprise network,” adds Sarker.