For some people in a business Shadow IT represents a credible solution to be used to address challenges, for others it remains an IT strategy shrouded in secrecy and uncertainty. The reality is that Shadow IT increases the technical footprint and has the potential to create challenges warns Henning Lange, Chief Technology Officer at Johannesburg-based ICT and cloud solutions leader Elingo.
Lange says one of the main headaches for business owners is security. “Without controls on which services are used, who uses them and what limits are placed on customer data, Shadow IT can be a security disaster waiting to happen. When IT has no control of an application, they have no control over the security of or access to that application either.”
Following closely on the list of challenges is compliance. The point that Elingo makes is that in regulated industries like healthcare or finance, regulations have requirements to protect customers’ data and can lead to large, time-intensive, and costly compliance efforts and even fines to the organisation.
“Another critical consideration for any business in any industry today is that of cost and cost management. Without the ability to control or even see provisioning and usage of systems, organisations are seeing IT costs explode,” Lange adds.
Individuals and teams may not follow best practices in provisioning instances of the right size, leasing them for the right amount of time, consuming the appropriate services, or decommissioning unused resources in order to control costs efficiently.
IT departments tend to challenge solutions that use new tech because they are difficult to support, according to Elingo.
As a result, a large number of the software solutions developed by organisations lack the innovation and flexibility of new technology stacks.
Lange continues: “Think of shadow IT not as a problem, but as an opportunity. Shadow IT unlocks new opportunities for long-term strategy because it catalyses the entrepreneurial talent and spirit hidden deep in the company.”
So what is the best approach for businesses to take, if they are to avoid any risks with Shadow IT and actually leverage opportunities.
Elingo believes the trick is to build up an understanding of assets, of tools and of user-behaviour, all of which can impact security and overall operations.
The company advises that the first step is to ensure visibility – identify what kinds of tools or mobile apps employees use that can serve a specific purpose.
“Educate users on the risks that their actions can have. Make sure employees fully understand the risks of using non-authorised apps and services, and that they know the consequences that non-compliance can have and which services are not authorised and why,” says Lange.
Lange adds that it is important to determine what challenges employees face when using authorised solutions and why they prefer to use apps and services outside of what is provided by the organisation.
“It is about understanding the challenges of the business and offer solutions that will solve them,” he says.
As a leader in cloud services and support, Elingo has a definite stance when it comes to IT resources and approval for use in business.
“Cloud governance boards can establish policies that enable IT to set up a catalogue of pre-approved cloud services, which development teams can simply select from for faster provisioning. Policies are based on the user’s role, the environment, the team, and the purpose of the application,” Lange adds.
Shadow IT has served as the catalyst for the adoption of things and the digital-driven world, dominated by cloud, mobile and big data technologies.
It is forcing IT departments to change; to rapidly build up necessary skill sets and to create new solutions to support the new wave of business solutions.