Shadow IT is on the rise. Easily accessible cloud tools and an increasing blend of personal technical skills in a business context have empowered tech-savvy employees to seek and source their own tech solutions to become more business-productive. According to a recent survey 93 percent of employees admit to connecting personal mobile devices to corporate networks.
Just under half said that they already transfer sensitive or confidential corporate information to external cloud services. This creates chaos for the CIO. Unable to see what lurks in the shadows, the CIO is unable to plan and execute IT improvement, or be sure of business data security. But aside from the concerns, an argument also exists that shadow IT could also present opportunities for the CIO. So what do CIOs need to consider when it comes to shadow IT in a post PC-world, and how can they leverage it for the better?
Lurking In The Shadows
One fear for many CIOs is that sensitive corporate data can land in the wrong hands if users are working with devices and tools unknown to IT yet connecting to the company network. With many users working with perceived-“free” tools such as Dropbox and OneDrive that fall outside the parameters of traditional IT, personal and business data could easily be intercepted, or in some cases lost.
Recent high profile hacking cases, such as Target in the US where as many as 40 million customers had their credit card numbers stolen, have demonstrated the consequences of information getting into the wrong hands. The cost of this particular breach has amounted to over 100 million pounds so far in losses. It’s examples like this that naturally lead CIOs to see risk and danger with shadow IT.
Furthermore, an additional risk seen with growing use of a wide array of devices, is that IT departments may not have the skills required to effectively manage the devices and applications. Concerned with budget constraints, the security of data and proving IT’s value to the rest of the organisation, some CIOs prefer to set – and enforce – the agenda – meaning forms of shadow IT, such as use of consumer SaaS applications and support for Bring Your Own Device, are assumed all-bad and banished from the business. Although, as we know, just banning something does not stop its use, it just drives it deeper underground.
With all that in mind, IT should be encouraged not to be limited by fear. Opportunities for innovation also lurk beneath shadow IT, but many CIOs are failing to see the opportunities.
Understanding and taking advantage of Shadow IT should be a priority in 2015. It is key to unlocking untapped potential from around the business – such as increased productivity, which has an impact to the bottom line, and enables all business units to be more agile and responsive to customers.
CIOs who match their strategies with achieving consumer-IT standards, will allow IT to act as a broker or an enabler to emerging technologies, like cloud and mobility, providing them both visibility and the ability to provide guidance to their organisation. Controlled environments like enterprise app stores and dashboards are important tools in helping to achieving this. Providing consumer-like platforms that give users the freedom and choice to pick their IT within certain pre-approved bounds will not only engage users, and will remove the need for users to act in stealth.
These types of interfaces empower users, whilst ensuring that IT maintains the ability to manage and control the activity that takes place in their environment, and communicating and encouraging innovative yet safe-working practices positions IT as an enabling strategic asset more than an just a enforcing, negative ‘police force’. A Corporately Owned Personally Enabled (COPE) approach to mobile devices such as smartphones and tablets is also something for CIOs to consider. Building a portfolio of trusted devices and applications, and again giving users the choice to use the ones that suit their needs, ensures that IT is seen as a trusted advisor – rather than a barrier to innovation.
But can businesses really embrace shadow IT? Are the risks overpowering of the opportunities that lie ahead? We believe shadow IT can propel businesses in 2015, but to do that, they must firstly understand the individual’s IT experience when they’re in the workplace. What tools do they use? What locations are they working from? This is also valuable information for a CIO’s future IT strategy.
Proving operational, commercial value is imperative for members of the board. But it isn’t always so easy for the CIO. By implementing a trusted form of shadow IT into the wider IT strategy, CIOs can obtain valuable information about their users, which can help mould their IT plans. For example, if 80 percent of employees work remotely three days a week, perhaps the business requires a smaller office. This could save the business hundreds of thousands of pounds and gives CIOs the punch they elevation they need in board-level discussions.
If CIOs can strike the right balance between offering users the freedom and choice to work from innovative tools, with giving IT the power to retain control and have complete visibility, they can truly show their worth in 2015.