In most organisations, several applications are used out of IT’s sight. These so-called shadow applications are often of great use to users in an organisation, but they can also cause problems. This blog explains the risks an organisation faces and how best to deal with those risks.
Businesses understand IT. I do not think anyone can deny that now. Over the past decade, technology has become so accessible that almost everyone in an organisation knows what the possibilities are and which applications are available. That’s also quite a challenge for organisations, because that knowledge also offers employees more and more technological opportunities to set up processes in a better and more efficient way. They contact IT to build add-ons for existing applications, develop new applications or purchase applications from third parties.
What is shadow IT?
At the companies I visit, I often see that IT departments lack the capacity to meet this demand. Consequently, users often have to wait a long time until their needs are met. As a result, they look for applications and add-ons themselves. Shadow IT refers to employees’ own software or hardware within the organisation. This is nothing new. In the past, we also shared information via private folders, USB flash drives or hard disks. However, in recent years the amount of shadow IT has increased significantly. This is partly because web applications such as WhatsApp, WeTransfer and Google Drive are so easy to use. And let’s be honest: we have all used shadow IT at some stage, often without even thinking about it.
Shadow IT: the unforeseen consequences
Users often see no harm in using their ‘own’ applications. This was also very apparent in the recent report ‘Digital Disconnect: A Study of Business and IT Alignment in 2019’. More than 70% of businesses saw users deploying or developing new applications without any IT intervention as a positive development. However, the same percentage of IT professionals see a wide range of risks associated with the use of shadow IT. And rightly so. Gartner suspects that a third of all data leaks are due to shadow IT. Shadow IT also gives rise to other IT challenges:
• Inefficiency – Your organisation often does not take into account the effect of applications on other processes and systems. This may lead to problems with integrations and data flows.
• Compliance issues – By using third-party web applications, your organisation often lacks insight into where the data is stored and what your users are doing with it. This makes it difficult to comply with the laws and regulations.
• High costs – If all departments in your organisation are purchasing their applications themselves, you will lose control of the IT expenditure. As a result, you only discover much later that costs are on the rise.
• Unpredictability – The scalability and flexibility of the applications are not managed by your IT department, which makes it difficult for them to guarantee availability and performance.• Lack of knowledge – IT departments are expected to manage software that they have no knowledge of. This means that you will not be able to solve problems or it will take a lot of time to figure out how the applications work.
Prevent or embrace?
It is clear that shadow IT presents several challenges, but businesses do not see these as a problem. This makes it difficult for your organisation to ban shadow IT completely. Your IT department most likely does not have enough capacity to enforce this, either. So how should you bridge the gap between supply and demand? You can only do this by accepting that shadow IT is here to stay and you will achieve more if you gain more of an understanding of the scope. To do this, IT must actively seek to collaborate with businesses and help meet certain needs with the right tools.
By strengthening collaboration, you offer businesses the opportunity to indicate what needs to be done in terms of IT. This will allow you to achieve better solutions that are also flexible, scalable and secure. Your IT department will also get a better grip on the entire application architecture, making any technical problems easier to solve. My next blog will tell you how to do all that as an IT department.