Revisiting Shadow IT...again.

This post sponsored by the Enterprise CIO Forum and HP.

The topic of Shadow IT is making the rounds again.

A quick Google search finds more than a few new posts on the topic in last few days/weeks with more than just a few pointing to the “good” that can come from Shadow IT.  I don’t know that Shadow IT can really be considered ‘good’or ‘bad’ per se…but there are good and bad things about Shadow IT.

The good is easy to quickly name…there’s agility with Shadow IT services. There’s also security issues with Shadow IT services.

While I’ve been a big proponent of Shadow IT for years, there are issues that people need to know about. Not only are there security issues, but there are pure operational issues that most folks don’t think through.

Christian Verstraete writes about these operational aspects on the Enterprise CIO Forum in a post from July titled Shadow-IT, it’s forbidden to forbid. In that post, he writes:

Talking to business users, I’m often flabbergasted how little they know of the potential risks encountered by putting information in the public cloud. Things happened over the years. Many of us received several e-mails from loyalty programs when a company, called Epsilon, got a security breach. I did not suffer any damage, but many others did. Interestingly enough, there is NO legal obligation today for companies to make security breaches public. The EU wants to change that, but it’s not a done deal yet.

How many of your users are aware of this? How many know about Data Protection Acts and other data related negotiation? Do they have that in mind when sharing information using DropBox, Skydrive, LinkedIn, Facebook or another tool.

Christian continues with a very key point for IT  professionals…whether we are talking about Shadow IT or anything else related to technology.  He writes:

Education is of the essence, not to scare them, but to point out the importance of being careful when using open internet services. The second element to take into account is BYOD. App stores have hundreds of thousands of applications. What are those actually doing? Who is making sure none of them collects information on behalf of hackers or criminals.  That is doomed to happen if not yet.

Well said.

Without education, the organization really has no idea how much damage they might do by going the cloud services or the BYOD route.

But..its more than just about education. Its gotta be about delivering services. The organization is going around IT because they haven’t, won’t or can’t deliver.

The CIO and IT group should look at Shadow IT as an opportunity. An opportunity to compete and win back the ‘hearts and minds’ of the organization.  As Dave Linthicum writes in Shadow IT can be the Cloud’s Best Friend:

When the business units move forward, they force the hand of corporate IT. Often, IT will stomp out the use of unauthorized cloud-based resources and thus reduce the productivity of that business unit. A better approach would be for IT to get ahead of that technology on behalf of the company, leading versus following those business units into the cloud.

Emphasis Mine.

Educate, then communicate. Then…Lead.  You won’t snuff out Shadow IT, but you’ll at least be leading the way for the organization’s technology initiatives rather than playing catchup to the various cloud services projects that are kicked off without you.

This post sponsored by the Enterprise CIO Forum and HP.