Bringing Shadow IT into the Light

The few lingering doubts I may have had about the mainstreaming of cloud computing were eliminated yesterday when I saw a television commercial touting cloud-connected stuffed animals that use a mobile app and a public cloud service to allow parents and children to exchange brief audio messages. I couldn’t help but think, had such a thing been available when I was a child, that my older brother would have used it to send me scary messages from the shadows of my bedroom in the middle of the night.

Nightmares about an older brother, or Big Brother, taking control of cloud-connected toys seems to mirror concerns expressed by CIOs according to a recent survey. The majority of respondents feared cloud adoption is reducing their organization’s control over IT, especially due to the increasing culture of Shadow IT—cloud services that are not only used directly by business users without the oversight of the IT department, but often without the IT department even being aware these cloud services were being used, creating the nightmare of IT lurking in the shadows instead of in the light of a centralized IT department run by the CIO.

CIOs believe this unsanctioned use of cloud services is creating long-term security risks that can lead to information leaks or other data security breaches. In fact, most respondents lamented that the rest of the business frequently does not seek the advice of the IT department when it comes to the implementation of cloud services. And almost half of the respondents believe business users are evading their own IT department and going straight to managed service providers (MSPs) for the infrastructureplatforms, and software that are now supporting a growing number of their organization’s critical business applications.

I have previously blogged about the changing role of IT within the organization due to cloud computing. Shelly Kramer, in her recent post about measuring your organization’s cloud maturity, blogged that “the IT team can’t (and shouldn’t) be viewed as a service department, they should play a key role in strategies that are designed to build and grow the business. This is an important move for senior leaders. Establishing a corporate culture where effective dialogue between IT and other business units is the norm will go a long way toward avoiding Shadow IT initiatives.”

After all, it’s the lack of an effective dialogue between business users and the IT department that most often forces IT into the shadows. Bringing Shadow IT into the light doesn’t mean business users have to abandon their own IT solutions, nor does it mean the IT department has to accept them as is. Instead, business users have to help the IT department understand how cloud services are solving critical business problems, and the IT department has to help business users understand the dangers involved, especially regarding security, when business users sidestep IT procedures by default. What’s cast in shadows depends on how wide you shine a light. Shadow IT happens when a narrow light is shone, either by the IT department or by individual business users. It’s time to shine an enterprise-wide light on IT. Compromises and changes, by both the business and IT, will be necessary to ensure that optimal IT solutions, from both within and outside the company, are properly implemented and managed.

Bringing the business and IT together has always been a challenge, and in the early days of IT consumerization MSPs actually profited from encouraging and enabling Shadow IT projects. Leading MSPs now realize that engaging their clients in an enterprise-wide discussion, instead of individual business users, is key to their, and their clients’, long-term success.

This post was brought to you by IBM for MSPs and opinions are my own. To read more on this topic, visit IBM’s PivotPoint. Dedicated to providing valuable insight from industry thought leaders, PivotPoint offers expertise to help you develop, differentiate and scale your business.