Skip to main content

[Managed] Shadow IT: The oxymoron you never knew about

(Image credit: Image source: Shutterstock/Kzenon)

If you had told me at the start of this year I would be spending part of my day deciding which Zoom virtual background really speaks to how I’m feeling, I certainly wouldn’t have believed you.

These are strange times we’re living in. Call them unprecedented, call them challenging, but it’s for sure different than any disruption most of us today have seen in our lifetimes. 

Watching Covid-19 reshape how business is done is quite incredible. Businesses have always wanted to move fast, but now to survive--they need to. Covid-19 has made any hope of “waiting till next week” to address a critical issue a thing of the past. It can mean the difference between a thriving business or shutting your doors for good.

Enter Shadow IT.

Shadow IT isn’t a new phenomenon. But the disruption resulting from Covid-19 can cause it to surface within organizations in a big way—the default to action, the need to solve problems faster than ever before, means employees are often looking for their own solutions rather than following a path that may seem a bit more time-consuming. Further, with tens of millions of employees working from home, there’s a rightful fear of risk from employees leveraging unsanctioned file-sharing services, video conferencing tools and more, exposing business-critical data to cybersecurity vulnerabilities.

So it’s no surprise that when faced with the options of (A) waiting for a resource-strapped IT team to carve out time to address one of many challenges faced by the business or (B) using a corporate credit card to pay for a cloud-based solution and not tell them about it, many will pick the latter. It’s easy to see why—on the surface, it seems like not only the path of least resistance, but even the right thing to do in today’s environment.

A [seemingly] impossible dilemma

The challenges Shadow IT presents are well documented. It’s an absolute security disaster waiting to happen (think of all that customer data that could potentially be linked to some SaaS application your IT team is unaware of) and on a practical level, you can’t maintain software that isn’t managed by the organization.

So naturally, IT organizations tend to limit the ability of individual employees to install their own software or connect certain devices. Which makes sense in theory—having complete governance over your technology certainly mitigates any security risks.

But the realities of time and resources work against well-meaning IT teams. Limited bandwidth and a shortage of developers to hire to fill any gaps, means timelines get extended and projects postponed. IT professionals rightfully focus on the most pressing and most impactful initiatives. And on the other side, you have business stakeholders that are trying to move forward, looking for ways to self-serve and find answers to their day-to-day challenges.

Why not ‘managed’ Shadow IT?

Turns out not all Shadow IT is created equally. In fact, some of what has been called Shadow IT in the past is really innovation at the edges of a business—those dealing with the problems are developing relevant solutions. It’s reasonable to think that those doing the work, living the processes, facing the challenges they present, are the ones best suited to figuring out what the solution should be. Shutting this type of thinking down completely can lead to the proverbial baby being thrown out with the bathwater.

We also have a growing digitally native workforce—according to the most recent available data from Pew Research, more than 40 percent of the workforce are Millennials or Generation Z, more confident with technology and more demanding of solutions that meet their needs exactly, leading to more employees seeking tech solutions.

Instead of completely banning development at the edges of the business, I recommend a slightly different approach: Why not embrace the idea of managed Shadow IT?

As written, it may sound like an oxymoron (you know, like jumbo shrimp). After all, isn’t the whole premise behind Shadow IT that it is done in secret, in the shadows, outside of the view of the governing eye of an IT team?

That’s where the “managed” piece comes in—you empower your people to perfect their own processes and address their challenges while maintaining oversight and clear guardrails in a controlled environment.

Governance + innovation = low-code

Striking that balance of continuous innovation at the edges of a business with strong security and governance—that supposed oxymoron—can be made possible using low-code platforms. The premise is simple: Anyone in an organization is empowered to build and maintain business applications at the speed they need, all within an environment that IT can effectively monitor and govern.

Today, low-code software applications are penetrating more businesses than ever. In fact, analyst firm Gartner projects that low-code will account for more than 65 percent of application development activity by 2024 as companies continue to experience a tech talent shortage.

It’s also important to recognize the power of low-code in helping companies stay the digital transformation course under the purview of a robust enterprise-scale platform. A recent study revealed that 71 percent of security professionals reported an increase in security threats or attacks since the start of Covid-19, compounded by the move to full remote work. For IT departments looking to introduce secure tools to encourage collaboration, low-code is an obvious choice.

This is a classic carrot or the stick conundrum. Rather than playing whack-a-mole with every tech tool that pops up, IT should incentivize employees to use a centralized, managed platform to solve their problems – cutting down on contraband tools. This way, IT still has a seat at the table, keeping data secure and empowering employees to accelerate innovation.

With the right platform, companies can remove the boundaries between IT and others in the business, empowering employees to become citizen developers, driving innovation and helping businesses react to market needs in real-time.

The main problems with Shadow IT—communication gaps, lack of security, etc.—fall away when you empower employees to solve their own problems using well-governed and secure low-code platforms. 

So stop running away from Shadow IT and instead try to manage it. Rethinking Shadow IT’s role and embracing the opportunity for innovation across the business, can quickly turn it from your worst nightmare to your competitive advantage.

Jay Jamison, Chief Product & Technology Officer, Quick Base