You Have Shadow IT- What Should You Do?
If your company is like almost every other these days, you have users that deploy shadow IT resources - cloud services from outside providers that aren’t selected and approved by the central IT organization. And when you find it, your first reaction may be highly negative - there are real risks associated with individuals putting corporate data in the hands of suppliers that aren’t fully vetted. But there are even bigger issues: it could expose the company to security risks; these third-party clouds are very hard to support (especially if you don’t know they exist) and the free-for-all of resource consumption means that consistency goes out the window.
But before you fly off the handle and take a draconian approach to stamping out shadow IT in your company, take a moment to spot the silver lining of this growing trend.
For one thing, this is a good way to understand what customers want that they are not getting from corporate IT. If users are signing up for cloud storage, your file sharing tools probably could use an upgrade in terms of sharing, searchability and multi-device support. If developers fire up virtual servers from a third party provider, you might want to work on a process for faster provisioning and granular usage models for virtual servers. If you’re seeing CRM tools deployed by individual departments, then the incumbent packages might not have the right features, might be clogged with stale data, or might take too long to modify to meet changing business needs.
For another thing, the tools are there to better deliver what customers want. Cloud automation software can let internal customers provision for themselves from a list of pre-defined options, and get those services up and running much faster than they have in their experience with traditional processes. Figuring out what users really want, and putting a system in place to reliably deliver it will make IT be seen as a viable partner to the business, and reduce the need to look elsewhere.
Remember that the users who are willing to whip out their credit cards and come up with a creative solution are probably your best and brightest. The fact that they take the initiative to find their own solution means that they are motivated, they care about their work, and they understand the shortcomings of IT provided tools. Roadblocking these people will further diminish their trust in the IT organization, will force them to dig deeper into solutions which are hard to track or manage, and may well push them to look for new jobs with competitors that seem to offer better support.
There are three keys to productively address shadow IT in your corporate IT shop:
1) Read the tea leaves – shadow IT is a clue that something is missing. Don’t waste the opportunity to learn about the shortcomings of IT services on offer; if you improve and expand the services that IT offers based on what you learn, users won’t need to look elsewhere. Like it or not, IT has shifted from a corporate monopoly to a marketplace of competitive services, so learn from the competition and improve your offerings.
2) Be clear about the downside of shadow IT usage. If there are real security, scalability or support risks from the usage you are seeing, articulate them honestly. These users want to do the right thing for the company, so if you can create an honest dialog about the risks and the alternatives, you will end up with a more productive relationship. If you come across as the enemy, enforcing seemingly arbitrary regulations without understanding practical realities, you will lose them forever. Your business unit customers are too smart and too proud to be told no without engaging in a real discussion.
3) Pick your battles. It may be that some elements of shadow IT are so entrenched and so successful at solving business problems that shifting usage to a different solution doesn’t make sense. For the most widely used solutions that don’t have glaring risks and shortcomings associated with the service, consider working with the vendor to implement an enterprise wide solution. You might find that there are beefier and more secure versions of that vendor’s solution that can be compatible with existing processes; plus, there may be opportunities for enterprise discounts vs. higher fees for spot usage.
Contributed by Andrew Reichman. Reichman is an independent analyst and consultant in the IT industry. He works with vendors, end users and analyst firms on advisory, strategy and content creation projects, along with writing, speaking and blogging.
For more thought provoking cloud management insights visit vmware-erdos.com.