I'm willing to bet that the prevailing wisdom among many CIOs is that Shadow IT is a problem where employees are using unauthorized applications and putting the company at risk. They see it as something to be controlled, but if they were to look at it a bit differently, they might find their workers actually could be pointing them to some viable solutions.
That's because employees aren't using their own apps in an act of open defiance against IT authority. They are using them because they simply want to get their work done, and maybe the tools you're providing are more trouble than they're worth. If a number of employees are using a certain tool, maybe, just maybe they have found it's effective.
And maybe you want to bring that tool out of the shadows.
Figure out what works – and why
That's how Brian Lillie, CIO at Equinix, sees it. When I spoke to him last spring, he wasn't interested in rooting out Shadow IT, as much as finding ways to take advantage of it. "My employees are an army who will find cool stuff," Lillie told me.
He said instead of accentuating the negative, what he jokingly referred to as being "CI-No" instead of CIO, he could begin to learn from his employees. Of course, not everything is great, and some services do have to be be blocked. But by taking it out of the shadows and into the light, forward-thinking CIOs like Lillie are able to take advantage of what's working while more easily getting a better of idea of what isn't. And they can have a more open and honest dialogue between IT and the business units.
The fact is, regardless of how a particular CIO feels about Shadow IT, it's gotten out of your control, a point a recent survey of more than 200 IT and security pros drove home.
The survey, which was conducted by the Cloud Security Alliance, found that when asked if respondents knew about the extent of unauthorized app use in their organizations, 72 percent responded they didn't but they wanted to know. That's not exactly surprising, but it's also clear. They can't know what they don't know, so it's a tough question.
Adapting to the new computing landscape
What the respondents clearly do know is that the nature of computing has changed dramatically. It's no longer this highly complex entity that in many cases requires IT as a conduit between IT and the user. Users have many ways to simply go around IT, and because they can, they often do.
Today, we have app stores for various platforms full of software that's easy to download, update and manage. It doesn't require the IT pro to help. That's a dynamic that CIOs like Lillie understand acutely and are trying to work with, rather than fight.
Cloud applications make it even simpler, which perhaps explains why 42 percent of respondents saw cloud security as one of their most pressing security problems, just one percentage point ahead of intrusion detection.
It's clear these are complicated issues, and different companies will deal with them differently. But it's worth noting that your employees may be more savvy than you think, and you could learn something from them, simply by figuring out what tools they find most effective.
IT is used to being the leader in this regard, so it might be hard to let the lines of business lead. But it might be the best way to find common ground without leaving the organization vulnerable.
Photo Credit: Ron Miller under CC by SA license.