Summary: “Shadow IT” is a term used to describe IT solutions and systems created and applied inside companies without their authorization. How can you control the rise of Shadow IT in your business? You must first understand why it happens. Why do users feel the need to circumvent IT in the first place? In this article, we explore a few more reasons and share some tips to help you control Shadow IT.
How bad is Shadow IT? Probably worse than you think. According to one report, the use of Shadow IT is 15-20 times higher than CIOs predict.
In other words, if you think your company doesn’t have a Shadow IT problem…think again.
The real question: How can you control it? If you want to control Shadow IT, you must first understand why it’s happening. Why do end users feel the need to bypass IT in the first place? In the first part of this article, we explored 7 common reasons:
1. IT does not offer solutions quickly
2. IT and the business do not speak the same language
3. IT is viewed as a barrier
4. IT lacks the skills
5. Users aren’t aware of the policies
6. Users think their issue is too minor
7. Users think they don’t need help
Today, let’s take things a step further and explore a few more. Here are 5 more reasons why end users bypass your IT department.
1. IT is restricted by budget
Depending on what survey you read, it’s estimated that anywhere from 50-80% of an IT budget is tied up in “keeping the lights on.” When large percentages of the budget are tied up in keeping the lights on, innovation suffers and Shadow IT grows.
With so much of the budget already accounted for, IT is often caught between a rock and a hard place. Many simply don’t have the budget to drive digital innovation. They’d love to meet every business request, but lack resources.
On the flip side, business departments aren’t under the same budget constraints. So, what happens when an IT request gets denied due to budget restraints? It goes through the business department.
“Many times, end users bypass the IT department to achieve faster delivery, or delivery of a more precisely targeted solution to their individual needs,” explains Michael V.N. Hall, a former technology executive with UnitedHealth Group, and now an independent technology consultant. “IT department are subject to budget restrictions and governance practices, where many other business departments are not bound by the same restrictions.”
If raising the budget isn’t an option, give users alternatives. Provide a list of secure options or self-service solutions that users can access. This gives users what they want, while maintaining control for the IT department.
2. Lack of sponsorship from upper management
Let me ask you a question: What is the attitude towards the IT department within your business? Is it positive or negative?
Believe it or not, this plays a large role in whether or not users bypass IT. For instance, do you think an end user is more or less likely to practice Shadow IT if they view the IT department as a barrier?
Now, where does this attitude come from? We’ve found that it usually starts from the top. Of course, that’s not to say there aren’t disgruntled users. But, the overall attitude towards IT is largely driven by upper management.
Is IT viewed by upper management as a critical part of the business, or a necessary evil? That attitude (whether good or bad) will spread throughout the whole business, whether you like it or not.
“I believe that the underpinning problem really comes from the lack of alignment or even lack of understanding on how IT operates on a given business,” says Rodrigo Montagner, CEO and Senior Partner at OM2 Tech Consulting Solutions. “In other words, the core of the IT Services and general guidelines has to be fully understood by upper management. If this step is fully followed and aligned, and upper management sponsors this attitude, all the managers below the top executives would follow guidelines or simply act the same way on the medium or long run. I have seen both attitudes happening (sponsorship and non-sponsorship from upper management) and to me, this is really the core.”
In the last article, we explored the importance of educating the users. The same goes for upper management. Make sure management understands the business value of the IT department, and the importance of the processes you’ve put in place.
3. Lack of presence
Where is your IT department located within your company? In some companies, IT is hidden away on their own floor. In other companies, the IT department is outsourced altogether.
The result: IT lacks presence within the company. The IT Department is a mysterious entity that users only call when there’s a problem.
If the end users feel like the IT department is an unidentifiable entity, how do you think that impacts their decisions? Are they more or less likely to practice Shadow IT?
“In regards to feelings of anonymity, I believe some users may feel as though their IT Department lacks a presence within the company other than to field problems,” says Jake Tully, Head of Creative Department at Truckdrivingjobs.com. “It may be more difficult to reach out to an entity that is somewhat unidentifiable and feel as though your concerns are being taken into consideration and that communication can be effective. With a cloud-based alternative, customer service is often paramount and can manifest itself in ways that solve the problem as well as pleasing the customer.”
Bring IT out of the Shadows. In some cases, this requires a physical relocation. In other cases, it means that you hold more cross-department functions. Involve IT in business meetings. Make the IT staff more visible to end users. Not only will their presence increase, but so will communication.
4. The alternatives are easier
Taking the last point one step further, many users are tired of being “added to the queue.” They’re tired of filling out complicated forms, and then waiting until IT gets around to their request.
The problem: In many cases, getting up and running with a third-party cloud service is easier than the procedures that IT has in place. The form is simpler, and the results are immediate. As explained below, this is often the driving force behind Shadow IT.
“If a new cloud-based service could potentially solve the problem for $10/mo and can be deployed by simply filling out a form…it may be too easy for a user to pass up on,” says Stephen Watts, Web Strategist at BMC Software.
Examine your processes. Does IT force users to jump through hoops to request new solutions? Distribute a survey or even talk to the users to understand how they feel about the current processes.
5. They don’t want IT to know what they’re doing
Over the course of these two articles, we covered 11 reasons why end users bypass the IT department. If you address these issues, you’ll see dramatic reductions in Shadow IT use. In a perfect world, fixing these issues should do the trick.
Unfortunately, we don’t live in a perfect world. You’ll always have a few employees who break the rules on purpose. They’re not trying to find a simple solution, get their work done, or be more efficient. They’re trying to avoid detection.
The good news: These employees are in the minority. Most practice Shadow IT for the reasons mentioned above. However, that doesn’t mean you can ignore those who break the rules on purpose.
“Some of these reasons have nothing to do with IT locking down the network, but rather employees trying to avoid being “caught” doing things on work time, such as streaming music, engaging in social media, or watching movies,” says Dodi Glenn, Vice President of Cyber Security for PC Matic. “IT may have policies in place to prohibit using these networks. Violating these policies, in some cases, could lead to termination of the employee’s job. For this reason, employees try to hide what they are doing on company time.”
Set up systems to monitor network traffic and cloud usage. This lets your IT department identify potentially unsafe activity.
In these two articles, we’ve covered 12 reasons why end users bypass the IT department. If you would like to add anything to this list, I’d love to hear it. Feel free to share in the comments.