Skip to main content

IT must close doors on ‘Ministry of No’ to deal with Shadow IT

Shadow IT is very much alive and well, with enterprises and business departments increasingly reliant on this under the radar practice. So, is it time for IT departments to lock the doors on the ‘Ministry of No’ for good and start engaging with users to minimise its risks and exploit its benefits?

The trend for employees to purchase shadow IT without the permission, control or knowledge of the IT department is growing, and one that business departments have become increasingly reliant on to boost agility and productivity. This was very clear from an independent report ‘Growing Pains in the Cloud II: The People Vs The Ministry of No’ by Vanson Bourne, commissioned by NTT Communications (NTT Com) which polled 500 IT and business decision makers of companies with more than 1,000 employees from the UK, France, Germany and Spain.

The report showed that 78 per cent of business decision makers admit that employees in their department are using cloud services without knowledge of the IT department, while 77 per cent of IT decision makers are aware that is happening. Astonishingly, 57 per cent of respondents went as far as saying that shadow IT is happening in at least half of the departments in their enterprise. In addition, over 75 per cent said they regularly use popular free, unregulated cloud storage applications such as Google Drive, Dropbox and Apple iCloud to share company information.

But this new approach to business dexterity is not without its risks. Shadow IT is rarely listed in asset registers and is unlikely to be maintained, backed up or secured, according to an enterprise’s general code of practice and security policy. For example, 56 per cent of respondents reported having no idea where their shadow IT data is being stored. In addition, shadow IT includes consumer and social technologies, which can expose systems to security breaches and data loss.

Shadow IT will become a major challenge in 2018 when the EU General Data Protection Regulation (GDPR) comes into force, putting far greater responsibility on organisations to keep their data secure. It is worth noting that this regulation has teeth and for the first time hefty fines will be levied for data leaks and security breaches.

Why purchase shadow IT?

Shadow IT is fast and easy to purchase with a credit card and avoids IT red-tape. But why do users opt to purchase applications they know could put business at risk? The research highlights that the biggest motivators amongst business decision makers appear to be speed of set up with ease of use in second place. Lower prices, more choice and the fact that these apps satisfy their needs better than the IT department does are also driving forces.

Push me - pull you in the cloud

There does appear to be a continual struggle between IT departments and their users that creates negativity on both sides. IT departments soon realise that they can’t prevent shadow IT, even if they try. Draconian measures further push the trend underground and undermine the reputation of the IT department even more. This has a knock on effect on agility, motivation and innovation across the business.

The trend towards Shadow IT can be a huge problem if it is not managed correctly, or if it is completely ignored. IT departments need to start communicating with business departments and recognise that it can have a positive aspect. It can, for example, give IT departments’ insight into the type of tools business departments need to increase efficiency.

Risk goes out the window

Most employees are fully aware of the risks they are opening their enterprise up to by using shadow IT, but they feel they have every right to use it because their needs are not being met by the IT department. This is despite the IT department having to carry the can for applications they have no knowledge of if there is a security breach.

IT departments need to take time out to understand why shadow IT is happening and to look at if the IT service portfolio being offered is meeting user needs, or resources need to be changed. This way the IT department can be seen as taking positive steps to being an enabler, instead of being held up as a barrier to innovation.

Shadow IT is not going anywhere

The report suggests that shadow IT is here to stay. While there is widespread use of unauthorised services and at the same time an acceptance that doing so breaches company policy, 87 per cent of business leaders surveyed believe the trend is set to increase over the next two years.

Shadow IT does appear to be delivering business solutions users need - 80 per cent of respondents said data stored in shadow IT is critical to their organisation, and 77 per cent stated that stopping the usage of these services would limit department functionality. CIOs are aware that shadow IT exists both inside and outside the IT department across enterprises. The key is having a real and true picture of this IT estate. At the same time IT departments must have a common plan in place to engage with business leaders on IT acquisitions so that everyone is reading from the same song sheet.

Cloud brings with it new challenges and to overcome them IT departments should not try to stamp out shadow IT, as they will likely fail. Instead they need to work closely with business departments and act as an advisor to support business goals.

Len Padilla, VP of Product Strategy, NTT Communications

Image source: Shutterstock/Tinxi