Subscribe

It's just IT

By Tamsin Oxford
Johannesburg, 29 May 2017
Edward Carbutt, executive director at Marval Africa.
Edward Carbutt, executive director at Marval Africa.

Shadow IT is defined as the use of non-sanctioned apps and software within the organisation without the knowledge of the organisation itself. It is the dark shadow sitting in the crevices of corporate and company, luring the unwary into its honey trap of efficiency and ease of use. Downloaded and installed by employees, Shadow IT makes their lives easier, but introduces risk, compliance and security issues that make IT's life a lot harder.

"Very few CIOs have a clear view of just how much Shadow IT they are experiencing and the impact on their business, both positive and negative," says Jon Tullett, research manager, IT Services, IDC South Africa. "The biggest driver has been the increasing maturity of end-users, plus the fact that cloud solutions are low-cost and incredibly easy to procure and deploy."

Adoption is further driven by ease of use, the high standards of online training, a rise in mobile solutions, and exceptional user experiences. Individuals, line-managers, teams - anyone armed with a credit card and a server can spin up a cloud solution far more quickly than the IT department can. And with far less red tape. It makes sense, so why settle for a bland product pushed out by IT when you can have all the bells and whistles of an alternative that works?

"The thing is, you're moving faster than IT because you're bypassing compliance or procurement safeguards, among other things," adds Tullett. "The challenge is to get both sides to evolve. IT must become more agile, business-aligned and empower the users, and the users need to be educated to become more aware of the business context they are operating in, especially around risk and regulatory requirements."

Seeking a solution

While Shadow IT may introduce significant risk, perhaps the time of beating chests and bewailing its horrors should come to an end. Organisations can find ways of making the most out of its benefits, while introducing solutions that mitigate its risks. Perhaps the most important key to unlocking the benefits of Shadow IT for the organisation is education. If users are aware of the impact of a simple download, install and use, then they will make more informed decisions.

"Companies need to ensure they have an IT policy that employees understand, and the necessary IT network security and software in place to monitor and prevent the risk of security breaches," says Henk Olivier, MD of Ozone IT. "Educate employees about the risks involved around downloading and installing any content on the business network, and have a clearly defined company standard as to what is allowed, and what is not. Many employees don't even know the meaning of Shadow IT, or the dangers it presents."

The issue is that users only see the benefits and the business only sees the risks. It's a new dynamic introduced by rapid digitalisation and an influx of tech-savvy employees. In the past, employees never had the ability or understanding to simply adopt a new application and use it to address a challenge at work. Now they do, and this dynamic is forcing the enterprise to change.

Greg de Chasteauneuf, CTO, Saicom Voice Services, points out: "The business should look at encryption and authentication rules, and, in theory, not allow staff to use free accounts. IT departments can harness the potential of Shadow IT through education and being open-minded about other applications that can be used and adopted very quickly."

A relevant opportunity

It is an opportunity for IT to become more relevant, taking advantage of systems and solutions that benefit the business and the employee. For Thomas Lee, GM at Wingu, the best way to mitigate the security risks associated with Shadow IT is to nurture it as a component of a planned enterprise architecture. Many consumer-based services recognise this need and are starting to develop tools that help improve enterprise deployments. Solutions such as OneDrive, or the APIs provided by Dropbox, offer support to help enterprise developers integrate features into their software.

"In a well-organised IT environment underscored by enforced governance, processes and policies, business can work hand in hand with IT to provision their own solutions, achieving their business outcomes quickly and effectively while minimising the risk to security and avoiding a tangled mess of infrastructure," says Edward Carbutt, executive director at Marval Africa.

Says Mark McCallum, CTO of Orange Business Services, Africa: "It makes more sense to look into integrating these services securely within enterprise deployments. It is better to embrace it and acknowledge that employee IT and digital skills in the digital workplace are an opportunity to create more value from IT and digital investments, such as finding ways to open up the IT stack while retaining suitable control and security."

The thing is, you're moving faster than IT because you're bypassing compliance or procurement safeguards, among other things.

Jon Tullett, IDC South Africa

Alongside education and access, IT must recognise the need. Employees have been using apps and solutions at home for years now and they don't understand the brick wall they hit at work when they try to solve problems using the same solutions.

"Almost by definition, Shadow IT exists because of an employee's drive to do a better job," says Andrew Cruise, MD of Routed. "Corporate IT is just playing catch-up to these tech-savvy people who want their IT at work to be as seamless as their IT at home. The internet revolution has driven a wave of change in all our lives, across all parts of our lives, and this digital economy has not just been a catalyst for Shadow IT, it is a precursor."

Piilo Group CEO Phillip Lotter adds: "In future, we will see Shadow IT becoming available on in-house stores managed by IT, which can be deployed on demand by business users. Bigger software companies are using ISVs to enhance their capabilities, with a view that users can activate these solutions on demand."

As IT faces a complex juggle between accessibility and security, and compliance officers face down the challenges of Shadow IT and governance, risk and compliance, there is a small beacon of light on the horizon. Industry players that targeted consumers are making their services more corporate IT friendly, and those in the enterprise space are paying more attention to UX and accessibility. The lines are blurring as both sides merge to create solutions that fit within enterprise boundaries while delivering the capabilities users need to be more productive and effective.

"I don't think it will be referred to as Shadow IT for much longer," says Sean Nourse, chief solutions officer at Internet Solutions. "It's just IT."

Some shadowy statistics

Given that Shadow IT causes such consternation, it's worth examining some of the statistics that surround it.

  • * An EMC study found that data loss and downtime could cost as much as $1.7 trillion annually. If Shadow IT isn't secure, the cost of the risk is high.
  • * Gartner says 60% of business users are partially provisioned with capabilities from the public cloud.
  • * Gartner also adds that by the end of 2017, 38% of technology purchases will be managed by business leaders. It believes it's time to take on Shadow IT as a trusted consultant.
  • * A survey by CipherCloud found that 80% of employees admit to using unsanctioned Software-as-a-Service.
  • * Cisco found that 83% of support staff were using unsanctioned enterprise cloud applications.
  • * The same Cisco survey pointed out that only 8% of organisations actually know the scope of Shadow IT within their organisation.
  • * Finally, Frost & Sullivan revealed that more than 35% of all SaaS apps have been bought without oversight.

This article was first published in the May 2017 edition of ITWeb Brainstorm magazine. To read more, go to the Brainstorm website.

Share