CIO.com: So what’s the upside—not just for the business, but also for the IT organization itself?
Wright:Shadow IT demystifies IT. It is a trusted model, relatively inexpensive, and established along operating principles that are clear and obvious for consumers. Enterprise users of IT often have difficulties understanding the terminology and definitions of services used by IT and are even more puzzled by the costs and time to achieve desired outcomes. IT functions that recognize the value of bringing shadow IT under the IT umbrella are viewed by the business as being less intimidating and much more business intimate.
CIO.com: How can IT leaders best identify and recognize shadow IT?
Wright: By its very nature shadow IT has low visibility and takes time and effort to separate out from the business functions it is woven into. IT leaders may only become aware of it when an incident occurs or an audit or security investigation identifies a new data or security vulnerability. Working with business stakeholders is the real key to identifying the existence and value of shadow IT, as well as how best to harness it.
How can IT leaders best harness the benefits that shadow IT has injected into the business?
In addition to the establishment of SLAs, IT can harness benefits from shadow IT by:
- De-jargoning IT so a consumer of IT services can specify their needs in plain speak to achieve a clear business outcome. They shouldn’t need to know anything about IT technologies, how they are provisioned, or which provider is delivering them.
- Bundling hardware, software, infrastructure, and services so a user doesn’t have to be a computer genius to figure out all the piece parts or how they integrate to enable business functions.
- Expanding the service catalog to include shadow IT services, thereby legitimizing the demand and supply of such services.
CIO.com: What can CIOs do to better manage the risks of shadow IT without stifling its benefits?
Wright: Risks exist in any environment that involves change—and change is definitely a constant in IT. The perceived risk of shadow IT is increased when it is delivered in stealth mode as it is unquantified and uncontrolled risk. By legitimizing the shadow capabilities, the increased visibility allows for risks to be assessed and mitigated in the context of the specific business conditions.
In developing risk mitigation strategies it is important not to use a sledgehammer to crack a nut; a one-size-fits-all mandate will likely render shadow IT dead on arrival. Challenging the norms—mixed with a reasonable amount of creativity and out-of-the-box thinking—will help ensure shadow IT benefits.
CIO.com: Where does outsourcing fit into the world of shadow IT?
Wright: Shadow IT is not driven by outsourcing and—interestingly enough—can itself be an outsourced function. An outsourcing event is a great opportunity to rationalize and redefine IT services, aligning them to business outcomes and negating the need for multiple organizations [to provision IT services].
Sign up for CIO Asia eNewsletters.