But shadow IT provides a lens into the world of the business.
Lessons From Shadow IT
"I see shadow IT as my Rosetta Stone," Comstock says, referring to the Egyptian stele that gave nineteenth century scholars the key to understanding ancient Egyptian hieroglyphics. "It can help me figure out what they're trying to achieve."
"If we don't understand the business, we don't actually add much value," he adds.
Essentially, he says, when IT discovers shadow IT, they have two choices: They can come in "hot" and tell the perpetrators they've violated policy, or they can ask those who deployed the shadow IT how it helps them improve the business.
The former approach, Comstock says, lets business partners know that IT is watching them and teaches them they need to hide their future deployments better. The latter approach leads to real discussion between IT and the business.
"We can now use our rock star IT skills to help them refine their process," he says. "And you might find that they'll introduce you to another business partner."
"It's still our job to secure our data," he adds. "But how we interact with our customers is our choice. IT without culture is just IT. We need to choose what that culture of IT is going to be. Many people outside of 'us' see us as a culture of fear, a culture of no. This culture gets us nowhere. We need to change this culture."
Sign up for CIO Asia eNewsletters.