For all the benefits cloud computing has brought, it has also created no shortage of new challenges for IT teams.
According to a McAfee report, an estimated 40% of all IT spending occurs outside of the IT department. What’s more, shadow IT cloud usage is estimated to be ten times the size of known cloud usage, which could influence storage and network infrastructure costs.
This practice has earned mixed reviews among IT leaders.
- Some see it as a challenge.
- Others view it as an opportunity for innovation.
Though much of shadow IT lives in darkness, IT teams still have a responsibility to bring light to as many practices as possible. IT bears a responsibility to the organization to uncover the costs and risks associated with each software they use.
To do so requires an understanding of what shadow IT is, its costs and potential security gaps, and how to leverage it in a way that benefits the organization as a whole.
What is Shadow IT?
Shadow IT occurs when employees are buying their own tools or signing up for software trials to get their jobs done. This process has become easier to do and IT is not always involved. The result is that many of these apps are not managed and lack traditional IT oversight
SaaS tools can require little to no involvement from IT to deploy. In many cases, all an employee needs is a credit card and an email address to sign up for new tools. Employees often do this because they feel a specific tool or program is better suited to help them in their work than the tools the company has already purchased and made available.
It’s true that shadow IT can lead to higher productivity and better business outcomes, at times. However, it also brings a number of risks, challenges, and unnecessary expenses to the mix — all of which fall squarely on the shoulders of IT to manage.
Shadow IT Security and Cost Considerations
For many IT departments, understanding the challenges of shadow IT is a top priority. Two of the most scrutinized complexities across industries and organizations include:
- A lack of security
- The cost of too many applications
A Lack of Security
Perhaps the single biggest risk of shadow IT is the fact that if IT doesn’t know about an app or program, they can’t safeguard devices and the infrastructure against potential threats associated with that app.
Cybersecurity continues to be a top focus of IT teams, especially as fraudsters are increasingly creative in how they infiltrate company systems and devices. According to HashiCorp’s Jim Fazzone, “Even a $5 app can represent a large threat to security.”
A lack of knowledge means potential gaps in defense, which could make an organization more vulnerable to threats.
The High Cost of Too Many Applications
Cloud services take the lion’s share of shadow IT, largely because the barrier to entry is low. There are a number of cost-associated risks with this, however. For starters, employees who purchase certain tools to do their job may not realize the company has already invested in similar tools that accomplish the same goal. This is akin to paying for the same thing twice.
When programs and tools come up for renewal, the person who signed up for the service may “let it ride,” even when that tool is no longer being used to the extent it was. Or worse, the “owner” of the tool leaves the company and there’s no one to manage the subscription, which means the company continues to pay for it.
Along these same lines, a lack of IT oversight can lead to ill-informed decision-making when it’s time to renew. There’s no in-depth analysis of the value the tool brings to the company, which features are being used, and how they’re being used. In turn, this can lead to poor negotiations with vendors when it’s time to renew the software.
There’s also the fact that most non-IT employees don’t realize that software costs and service levels can (and should) be negotiated with vendors. This is a responsibility that falls to IT and Procurement teams as they right-size their licensing requirements and strike deals with vendors. When employees are in control of purchasing, they may skip this step altogether and ultimately end up paying more for the same product.
There may also be instances where multiple teams are purchasing the same software tools and products, with each team having its own subscription. A smarter and more cost-effective approach to this would be to consolidate the service. This is another task that should fall to IT and Procurement, as they can negotiate rates and services with vendors.
How to Leverage Shadow IT for Maximum Benefits
Despite its many risks and challenges, there are times when shadow IT can reveal opportunities and benefits to the overall health of the organization. These may include, but are not limited to:
- Employee Engagement
- Faster Innovation
- Training Opportunities
- Reduced Burden on IT Resources
- Insight into Employee Needs
- Opportunities for Improvement
Finding the perfect app or software to tackle a problem is a huge pain point among employees. This is a big reason why shadow IT exists in the first place!
Employees take matters into their own hands to find solutions that work the way they do. In turn, this may increase employee productivity and engagement because they have more control over how they work.
Innovation isn’t something that’s always planned. Rather, it’s more often forced or happens by accident.
Allowing employees to test and source their preferred tools may help companies find better workarounds or solutions than what they currently have. It takes them out of the “If it’s broken, don’t fix it” mindset and forces them to consider new, potentially better ideas.
What’s more, all of this happens at a much faster rate than if IT were planning a large-scale rollout of a new system.
At this point in the shadow IT practice, an employee’s mantra is “Ask for forgiveness, not for permission.” The motivated employee will charge full-steam ahead with whatever it takes to get the job done, and this creates a multitude of training opportunities across the enterprise.
For example, once a new app does come through the IT pipeline, an IT team member can approach the employee with informed questions. Most likely, they’ll want to know why a specific software was chosen, which features are being used, how they’re being used, the cost, and other specifics.
The answers to these questions may shift the conversation down one of two paths: For starters, IT may have been introduced to a valuable new solution that might become a company standard. Or, they might introduce the employee to software that’s already available but that the employee might not have had access to.
Reduced Burden on IT Resources
It’s no secret that today’s IT department is overworked. They protect the digital infrastructure, keep systems running, and are constantly putting out fires. Unsurprisingly, they can’t always stop to satisfy user requests for new solutions.
When employees take on this role, they’re removing some of the burdens from the IT department. The goal, however, should be to do so in a way that’s systematized and transparent so that it doesn’t further complicate the work of IT.
Uber leverages Productiv in this way. The CIO describes how they want to adopt new tools, but in a secure and systematic method. Productiv helps them create a sandbox with guardrails – letting them test a tool in one department and really understand business value and the KPIs of a new app. Meanwhile, if a tool is being used by more than 3 departments, then it becomes a “Corporate tool”. The end goal is a dynamic toolset where departments can easily see SaaS apps that have been blessed by IT.
More Insight into Employee Needs
When IT has a bird’s eye view of the tools and technology in use at the company, they have greater insight into which tools are being used and how they’re being used. This gives IT teams a better idea of what’s needed to do certain jobs and what each employee needs to be successful.
Only known tools can be measured in this way. When apps are unknown, IT cannot successfully determine what’s needed in a certain team’s toolbox, which may lead to future purchasing indecision. IT leaders benefit from tools like SaaS management that can uncover apps hidden in Shadow IT. This way, IT teams can have more productive and impactful conversations with employees about what they really need from a technology standpoint.
New Opportunities for Improvement
IT is constantly evolving. CIOs and IT leaders are continually testing new tools and looking for better solutions that will support business outcomes.
To do this, they rely on how their current landscape is performing and look for inefficiencies and opportunities to improve employee and organizational performance. This is better achieved when all apps, programs, and tools are known.
Managing Shadow IT Expectations
Most organizations are aware of shadow IT in their organization. We reviewed shadow IT across our data and discovered that approximately 40% of apps are found from sources such as network traffic, expense reports, and payments. Or to put it another way, this means almost half of the applications are not actively managed by IT, behind SSO, or have even gained IT’s awareness.
In a recent case study, MobileIron shares how they used to do three-week quarterly audits to find apps. When they installed Productiv, they found 30-35 apps they had never heard of before. Productiv not only saved them time but also gave them the visibility they didn’t have before.
HashiCorp’s Jim Fazzone recently gave us a great summary: Shadow IT is the opportunity to look for innovation. To help you find and leverage these moments of innovation, use a SaaS management platform like Productiv to get granular insight into your organization’s technology activities.
Productiv lifts the shadow IT veil by giving you more insight into the programs being used, including feature-level data, application overlap, cost, renewals, and app ownership. Doing so allows you to continuously monitor and manage your app sprawl at scale and identify previously unknown apps so you can take the proper security measures.
Last but not least, managing shadow IT expectations means creating policies around the practice and holding your team accountable. You can’t manage what you can’t see, and having all employees contribute to a systematized practice can help keep everyone safe, productive, and happy.