What better time to talk about “Shadow IT” than on Groundhog Day! Punxsutawney Phil aside, how many of your even know what “shadow IT” is? In brief, Shadow IT is IT that lives outside of the IT department. Why does it matter? Because it is symptomatic of not fully satisfying your business functions technology needs. Although those in your IT department may label you as simply rogue, there is a gap that needs to be addressed, whatever the cause.
My career in IT taught me two important things about “Shadow IT”. First, if it exists – and it almost always does – your internal customer experience needs some help! Second, Shadow IT is strongly correlated to IT costs and data security risks. Let’s discuss these two a bit.
Shadow IT is evident when Information Technology, in the form of applications and data, is introduced by business functions outside of your IT department. As such they have not been vetted by your IT experts as best-in-class, adequately secure, and in line with your business technology strategy and roadmap. Not to mention there is likely no plan for ongoing maintenance and support by your IT department. This results in higher costs and risks to your business.
Higher costs brought about by Shadow IT results from any of the following:
- Point solutions that do not take into account your IT department volume discounts
- Time and focus taken away from your business functions doing things they are not experts in
- Disruption to stable IT operations caused by surprise technology failures
- High cost of outside consultants when your internal IT experts can do the work
- Costly data integration efforts due to lack of forethought and planning
- Need for IT budget increases to support handover of unplanned rogue apps
- Unvetted application software companies go out of business or stop support
Data security risks introduced by Shadow IT occur based on the following:
- Criteria are limited to meeting a need but not properly vetted for data security
- Strict Cyber Security processes and protocols are not followed
- Data “lives” outside the protective IT firewall
- User management is not controlled and enables credential sharing
- Application software companies internal and external risks are not properly vetted
- Third-party applications or APIs expose business data
In summary, whether Punxsutawney Phil sees his shadow, you must watch out for the Shadow IT in your business. If you allow it to exist you will burden your business with both higher costs and higher data security risks.