Shadow IT — at one point — kept CIOs and CISOs up at night. But today, IT teams should build and maintain proper visibility and governance to manage ongoing individual or business-unit adopted technologies appearing in their ecosystem.
For years, the rise of cloud and as-a-service technologies has made it easier for employees to buy and use their own applications without help from IT. The need for increased agility and productivity has further prompted this change for employees and they can no longer wait for IT to facilitate procurement. According to a study Snow conducted in 2019, when asked about the impact of needing IT’s permission to get software or applications to do their job, 75% of workers reported that they feel watched, slowed down, frustrated or negatively impacted. However, as organizations have shifted to remote work, Covid-19 has accelerated this change and made the idea of shadow IT more pronounced. In turn, IT teams should be prepared to create new controls that balance accessibility and security.
Conversations about the threat of shadow IT seem to have slowed down. Of course, CIO and CISOs are still concerned about safeguarding their organizations from potential vulnerabilities and lingering cybersecurity threats, but there has been a significant shift to accept that some of the control IT teams once commanded has moved into the hands of individual departments and teams. Shadow IT hasn’t gone away, per say. According to a KPMG survey of 3,600 IT leaders from last year, nearly two-thirds (63%) of organizations now allow technology to be managed outside the IT department. So if shadow IT isn’t a prevalent challenge, how are organizations managing these technology investments that they don’t directly manage or weigh in on?
Age of governance and guardrails
Now, more than ever, IT teams are trying to find the right balance to effectively manage – but not control – their technology resources, budget and security measures. Every organization may be approaching the need to balance accessibility with security – and in the case of the new reality as a result of the pandemic, cost controls.
Unfortunately, with business-led IT, there may not be an IT veteran or procurement professional providing counsel to teams as they consider purchasing new services, applications, or even spinning up cloud instances to support the business. So while it’s no longer realistic to talk about eliminating shadow IT, there are steps you can take to better manage overall technology resources when driven by departments or individuals. This starts with transforming IT into the role of a trusted advisor. The goal is to enable users to make smart choices around their technology resources, regardless of whether they are delivered from IT, on-premises, as a service or via a public cloud provider.
When it comes to public, private or hybrid cloud needs, that’s where cloud management becomes critical. Not only can a cloud management platform deliver a self-service portal to users within the business units while IT incorporates governance and guardrails into the backend, but it can also provide visibility into the costs of all services to facilitate better decision-making.
Visibility and governance, while easy concepts, can be incredibly difficult to achieve. And in order to develop a self-service portal or just increase visibility in general – whether for cloud instances or software needs – IT needs to be engaged in regular discussions with employees about their needs, their understanding of the resources available and why they may be considering a different set of tools. This insight – along with current usage, versions, cost and licensing information – can provide IT teams with the information required to create appropriate governance, security protections and enablement for their workforce.
Business-unit led purchasing power is here to stay and reasonably so. But that means that shadow IT has evolved and become an inevitable part of organizations and an ongoing challenge for IT leaders. Now, IT departments will need to consider how to continue to position themselves as facilitators and provide better risk management and governance, as the ways of working continue to redefine the ‘new normal.’
To learn more about the 10 signs that you may be ready for a cloud management platform, be sure to download our free guide here.