The risks and costs of shadow IT have been always been a concern for IT organizations. Yet the business clearly values the capability to procure certain IT services to rapidly meet its changing business needs — so much so that these informal IT capabilities are springing up even more often than IT leaders realize. One 2015 report by Cisco indicated that the number of unauthorized cloud applications being used in the enterprise, for example, was 15 to 10 times higher than CIOs estimated.
Rather than trying to shut down growing shadow IT operations, however, IT leaders can take a different tack that embraces the benefits of business driven IT purchasing — such as better technology-business alignment, responsiveness, speed, and agility — and address some of the negative aspects of the practice — including unintended solutions overlap, inconsistent IT strategy, lack of integration ad standardization, cyber risk, and fragmented IT vendor management.
“Ignoring or trying to close down a delivery model that is liked so much by business consumers is not a great idea, particularly if the core IT function is viewed as a cost item rather than a value enabler,” says Craig Wright, managing director for business transformation and outsourcing consultancy Pace Harmon. “If the shortcomings with shadow IT can be overcome then there is a great deal to learn from it.”
IT can harness the power of shadow IT services and solutions and mitigate associated risks by wrapping formal standards around its delivery. “When shadow IT is recognized for its capabilities and the services understood and documented then organizations can establish effective governance across core IT and shadow IT functions,” Wright says. “This is somewhat similar to establishing end-to-end process optimization inclusive of a shared services function like human resources or accounts payable. If the guiderails are established, the touch-points identified, the dynamics of the process aligned, and the repeatability of quality outcomes ensured then measuring and managing shadow IT is a fairly easy step to make.”
One way to do that is to take the same types of service-level agreement (SLA) IT uses to manage the performance of IT service providers and apply them to shadow IT. The IT organizations can take several steps to build an SLA framework for technology services delivered outside the IT organization and measure and report on their performance:
1. Apply formal vendor and IT governance frameworks to shadow IT.
“If it can’t be measured then it is incredibly hard to govern it,” says Wright. First, IT must take the time to quantify, qualify and determine measures for shadow IT capabilities, ensuring that the true and fully loaded costs are understood and communicated consistently to business stakeholders
Sign up for CIO Asia eNewsletters.