Shadow IT: Use as Opportunity or Ignore at your peril


A few recent stats and reports around IT spending, and wherein an organisation it originated, confirms our suspicions that the IT Convergence Gap isn’t shrinking fast enough.  As Enterprise IT evolves in the digital era, the value we provide and the function we perform as part of a business organisation has to be elevated for our teams to remain relevant.  Bottom line: we’re not evolving fast enough to meet the needs of the business.  More to come on why we aren’t moving (Head in the sand?  Denial?  Don’t know where to start?) but let’s start with the state of affairs.

  • Gartner predicts that through 2017, 38% of technology purchases will be managed, defined and controlled by business leaders.
  • In IDC’s research, overall LoB spending will reach US$609 billion in 2017, a 5.9% growth over 2016.
  • The Spending Guide, which quantifies the purchasing power of LoB technology buyers by examining the source of funding for a variety of IT purchases, also projects LoB spending to achieve a compound annual growth rate (CAGR) of 5.9% between 2015-2020. In contrast, technology spending by IT buyers is projected to equal a five-year CAGR of 2.3%.
  • Due to the rapid adoption of third-platform technology, LoBs are relying far less on enterprise IT to fund their technology purchases. In fact, LoB buyers will spend more than twice as much on software applications in 2017 (US$150.7 billion) than IT buyers (US$64.7 billion).

A particular line in the Spending Guide could be the canary in the coal mine.  They state that by 2020, shadow IT (from the Business unit’s directly) will be almost equal to the spending of the internal IT department, and the skew on the shadow spend is towards the highest end of the technology stack.

So here are two ways to view Shadow IT within your organisation with a Relationship-First, IT Convergence mindset.

Risk: CyberThreat

What is the risk of not engaging with the business (in a way they find valuable)?  There are many.  The one that should keep everyone in your company up at night is the biggest monster in the closet, CyberSecurity. Gartner estimates that by 2020, a third of successful attacks experienced by enterprises will be on their shadow IT resources.

So what are we doing?  What we’ve always done – throw more tools and technology at the problem. Gaining visibility and moving toward more active methods of monitoring is all well and good, but if it is not partnered with or the slave of a relationship-driven IT Convergence strategy, it will be a flimsy levy against the oncoming flood.  Next-generation firewalls, web gateways, Cloud Access Security Brokers (CASB’s) can all help but they are only bandages.  They’re not going to heal the underlying issue.

Opportunity: IT as Broker Operating Model

We know it’s there. McAfee’s research suggests that overall, only 1% of organisations are not monitoring shadow IT usage, down from 5% last year.  Through technology monitoring and passive investigation (usually through a financial and licensing audit), we should know what we are up against in our organisation.

Here’s a new way to think about Shadow IT.

Scope Your Risk & Plan for Influence

Your Business and your IT risk.  What are the consequences, what are the costs? How can you tell this as a story to your business in a way that compels them to action?  What are your key messages?  Who do you need to convince?  What is a beneficial outcome that you can negotiate on?  Who on your team should ‘own’ this challenge – could be your BRM’s, EA’s or the CIO.

Extend the Olive Branch

Come bearing gifts, offer peace, try to build trust with the business organisation using shadow IT.  We don’t threaten to take the system offline or revert back to the ‘department of NO’ (because everyone in the business just loves working with us when we do that!!).

Evolve Your Governance and Operating Model

“IT as a Broker” is a highly effective Operating Model (or one value stream in your operating model) for the new digital era.  The traditional railroad tracks of technology access (we’re the only ones you can get it from) and Governance/Policy are no longer fit for purpose in many IT organisations.


Submit a Comment to Us!

Your email address will not be published.  Required fields marked *