A better approach is to acknowledge the existence of shadow IT, create and promulgate appropriate policies, provide recommendations for managing the associated risks, and offer in-house or externally-sourced support services around contract negotiation and management, backup, security updates, virus checking, firewall, and intrusion prevention.
CIOs should also encourage business unit heads and others to ensure that their staff takes the necessary action to follow the policies.
The best approach is a combination of:
- Regular, active monitoring
- Offering advice that enables and, where appropriate, encourage safe, effective, efficient, and connected deployments
- Scrutinising where shadow IT could affect critical aspects of enterprise performance, such as security and strategic or reputational threats.
Typically, people create shadow IT because some need isn't being met by the IT organisation, and the users just build or find their own solutions.
Shadow IT can be used as a teachable moment to understand why that happens, and to decide whether the IT organisation's service portfolio or the extent and type of its resources need to be changed. The desired outcome may not be to transfer the resources and power to the IT organisation but to better understand business needs by observing the behaviour. Beyond shadow IT
In reality, most CIOs recognise that IT exists -- to varying degrees - in multiple places across the organisation, inside and outside the IT department. In part, this follows from the increasing consumerisation of IT.
The emergence of cloud is also opening up new and simpler procurement opportunities. CIOs needs to take a constructive role that ensures everyone is aligned to a common plan and to educate business leaders on the value of engaging with IT to assist in these acquisitions.
Vendors also have a good reason to support this approach. Commercial technology providers' long-term interests still reside in ensuring that their relationships with IT and CIOs are not damaged as a consequence of undertaking a shadow IT project.
While IT's proportion of the technology budget may be in decline, the opportunity to build long-term supply relationships across various business units is likely to be far more challenging and potentially less rewarding in the long term than maintaining or establishing such a relationship with IT and/or the CIO personally.
In summary, CIOs should not attempt to restrict or contain shadow IT. Such an approach will likely fail. Instead, look to educate your executive and business colleagues on the challenges they will likely face and offer to act as an advisor, broker, or source of technical and project support in the implementation.
Sign up for CIO Asia eNewsletters.