When it comes to so-called “shadow IT,” the enterprise has three basic responses. You can accept it, you can fight it, or you can ignore it.
Unfortunately, it seems that a large number of organizations are choosing option three, ignoring it, which is probably the worst approach to take because shadow IT can, in fact, become a strategic asset to the enterprise, provided it is not left to its own devices.
Ideally, the enterprise should accept shadow IT, but with conditions. With the coming of the mobile-first generation to the knowledge workforce, IT needs to recognize that enterprise data will find its way onto personal smartphones and tablets, and that the best thing to do is encourage this level of flexibility but impress upon people the need to maintain an adequate security posture.
In fact, says ActiveState Software’s Bernard Golden, it will become increasingly difficult for organizations to excel in the future without shadow IT. Recent surveys show a marked discrepancy between what IT and non-IT workers think IT’s responsibilities should be in a mobile/cloud environment, and this is giving rise to the increased tendency of avoiding official channels altogether when compiling the resources to fulfill their job requirements. At the same time, this helps explain why most private cloud initiatives have been deemed inadequate so far and even the wide disparity of opinion as to what constitutes a cloud and what is mere virtualization. By embracing shadow IT – and even more importantly, studying it – the enterprise stands a much better chance of adopting a cloud infrastructure that will actually be used, ultimately delivering the highest cost-to-productivity ratio.
To do that, though, you’ll have to bring shadow IT, well, out of the shadows. As Calyx CTO Jamie Marshall notes, this will require a change of attitude regarding IT and the responsibilities for data infrastructure and architecture, ultimately turning IT into a facilitator of information resources rather than the guardian of enterprise computing assets. As well, organizations need to strike the right balance between security and productivity, not by playing one against the other but by crafting mutually beneficial solutions and fostering a new corporate attitude in which everyone has a stake in successful outcomes.
Indeed, giving knowledge workers a stake in the security and reliability of enterprise data can be viewed as an empowering act that encourages self-reporting and a candid assessment of what is going right and wrong with the new IT infrastructure, says attorney Joe Stanganelli. Workers must still be held accountable for serious breaches, of course, and responsibility should be commensurate with the nature of the activity and the employee’s knowledge of data operations, but ultimately an atmosphere of mutual trust is crucial for optimal performance in a dynamic data ecosystem.
And on a technical level, the risks of shadow IT can be minimized by shifting the focus of security operations from the infrastructure layer to the application layer or even the data itself, according to MobileIron’s Ojas Rege. Rather than playing an endless game of “Whack-a-Mole” with every new device or application that comes out, it is much easier to encrypt information so it can be stored, processed and accessed by any means necessary. At the same time, it allows for unbridled creativity and experimentation as employees continuously gravitate toward technologies that bring the greatest measures of flexibility and performance.
Shadow IT is the perfect case for the adage, if you can’t beat ‘em, join ‘em. In this case, joining is not a sign of submission, but of strength. By embracing shadow IT as a strategic asset, the enterprise not only bows to the reality that emerging virtual, cloud and mobile technologies offer vastly superior performance to traditional IT in many ways, but that it can also be managed in such a way as to foster the highest benefit to both the individual and the organization as a whole.
But by all means, don’t think you can simply ignore it until it goes away.
Arthur Cole writes about infrastructure for IT Business Edge. Cole has been covering the high-tech media and computing industries for more than 20 years, having served as editor of TV Technology, Video Technology News, Internet News and Multimedia Weekly. His contributions have appeared in Communications Today and Enterprise Networking Planet and as web content for numerous high-tech clients like TwinStrata, Carpathia and NetMagic.