In 2008, Rupert Murdoch was quoted as saying, “The world is changing very fast. Big will not beat small anymore. It will be the fast beating the slow.” How right he was.
Since then, the pace of change has picked up, driven in part by the increasing demand for products and services on-demand in our globalised online world.
These competitive market forces require a faster turnaround for products and services, not to mention all-hours service windows. Organisations that cannot improve their flexibility and adaptability will struggle to remain relevant.
Managing your two-speed organisation
In order to remain relevant and competitive, business owners and executives have to constantly manage the internal tensions between the business units driving change or service demand in order to meet customer needs, and those service and support functions unable to respond quickly enough to meet these commands.
These internal tensions escalate for influential business stakeholders who wish to adopt the latest technologies and are prevented from doing so by their own IT departments.
This can occur for a wide variety of reasons, from concerns over information security through to existing IT project backlogs, sheer lack of IT staff capacity or deficient technology capability.
Under pressure to move quickly and meet local business sales and operations targets, line of business stakeholders are increasingly bypassing their IT departments to get the job done by implementing their own solutions. What's more, many are turning to a rich variety of willing cloud and other IT service providers.
This DIY approach to implementing enterprise IT solutions is known as shadow IT.
The low-down on shadow IT
Shadow IT describes enterprise IT decisions made without the knowledge or involvement of the organisation’s own IT department. This is especially relevant in the user’s enthusiasm for adopting emerging technology to meet a localised need within the organisation.
By definition, shadow IT is under the radar of enterprise governance and, as such, presents a systemic risk to the organisation – something that should be, but is often not, raising alarm bells in organisations concerned about good governance.
Shadow IT is a fact of life in nearly all organisations. The Q2 2015 survey conducted by Sky High Networks covers 21 million users across a diverse range of industries and makes for sobering reading.
It claims that while the average enterprise uses 1083 cloud services, only seven per cent satisfy safety requirements. That should be a wake-up call for the board of any large company.
Recent Cloud Security Alliance research shows similar findings.
For the most part, shadow IT users underestimate the underlying technological complexity of the solutions they choose. The convenience, immediacy and usability of consumer applications and platforms trump any considerations of privacy or cybercrime for individuals who are generally unaware or unconcerned about risk to the organisation.
However, when it comes to the enterprise, this approach carries with it serious risks. Many of the concerns surrounding shadow IT and publicly available cloud-based solutions revolve around very real concerns over data jurisdiction, information security and cybercrime.
And that's before you consider the complexity involved in attempting to integrate shadow IT applications with existing business systems. Combining different information taxonomies, data and security architectures or user credential management systems can be a real challenge. Possible outcomes include cost blowouts, poorer system performance or increased system security vulnerabilities. The total integration and system assurance costs of such an undertaking could be a show stopper that delivers a net negative outcome to your organisation. Given this risk, it's better to find out which shadow systems your staff are using, sooner rather than later.
The bottom line is that non-IT executives and directors need to seriously consider the impacts of shadow IT on their organisations unless, of course, they are not planning to be around long enough to find out!