Most companies know that today’s digital consumer – conditioned to expect everything on-demand and as-a-service – is impatient and demanding.
By Naren Mewa, group CIO at Tarsus Technology Group
Yet all too many of them forget that these same characteristics apply to their end-users, too. IT departments that fail to give internal users the digital tools and services they need to do their jobs effectively and efficiently often find that their ‘customers’ go elsewhere to find a better solution.
According to Accenture’s Technology Vision for 2019, 71% of executives in a global survey said that their employees are more digitally mature than their organisation, resulting in a workforce waiting for the organisation to catch up. Given the pace of digital change, business users themselves are under pressure to keep up with customers—which is why they are looking for more agile tools and technology.
In some organisations, this creates conditions for ‘shadow IT’ to flourish, with end-users bypassing the IT department and organisational systems and processes to build technology solutions and infrastructure of their own. Typically, employees will set up shadow IT structures when they find that the technology in the workplace is not fit for their purpose. That might be because it’s hard to use, unresponsive, inflexible or inefficient.
The challenge for IT departments is that it is easier than ever for people to sign up for free cloud apps or to purchase software-as-a-service for a small monthly subscription. The IT department might not even know that users have a range of consumer-grade tools on their smartphones or home computers that they are using for work.
The risks of shadow IT
This brings with it major business risks and technology challenges. Firstly, shadow IT often bypasses enterprise security standards, heightening the dangers of breaches or data leakages, along with all the attendant financial, reputational and legal risks. People could be using devices and applications that do not comply with corporate policy or the demands of laws such as the Global Data Protection Regulation in the EU or South Africa’s Protection of Personal Information Act.
Secondly, unmanaged IT can be expensive and inefficient. If every department uses its own financial software, productivity tools, or customer relationship management system, the company cannot effectively leverage its economies of scale for volume discounts. Plus, the patchwork of systems may lead to higher integration, support and administration costs.
Thirdly, shadow IT leads to data and system siloes, undermining collaboration. The enterprise can’t derive the full value from the data it has collected because it does not know it exists. Collaboration across groups and departments might also be hampered as users may not be using the same tools and technologies. Fragmentation, at a system level, can also lead to process inefficiencies.
The best way to fight shadow IT is to give employees appropriate, authorised technology that enables them to get the job done. As such, the CIO needs to deliver ICT solutions and services that are flexible, efficient and intuitive enough to keep up with the demands of today’s digitally-savvy workforce. For some IT departments, this requires a shift in thinking and culture.
Shining a light on alternate IT structures
Rather than imposing tools top-down, IT leaders should collaborate with each department and group in the organisation to understand their requirements and provide solutions. Depending on the culture of the organisation and the regulatory constraints it faces, this could be a light-touch approach of outlining the minimal security requirements for any technology that is introduced into the organisation.
For more heavily regulated entities, this could mean providing a menu of approved products and solutions, or creating a process to rapidly evaluate and approve any platforms and tools users and departments want to introduce into the business. When the IT department and the business cooperate, they can usually find a middle-ground position that gives users some autonomy and flexibility while upholding architectural and security standards.
In an organisation where parallel IT is hiding in the shadows, IT departments should shine a light by auditing the usage of IT in the organisation and understanding why end-users have turned to alternate solutions to the ones provided by the IT department. The next step is to educate end-users about the risks and costs of shadow IT, before negotiating options that work for IT and business alike.
Once shadow IT is regularised or replaced with compliant alternatives, the IT department and users need to work together to purchase suitable solutions that strike the right balance. However lax or tight the organisation’s rules are, they must be enforced in a consistent way and transgressors must be disciplined to prevent shadow IT from flourishing again.