Shadow IT is hardware or software that’s not acquired or supported by the IT department, and the term generally has a negative ring to it. “Shadow IT” implies the IT department can’t control the technology used in the organization or doesn’t know about it in the first place, which can be troublesome for any successful IT asset management program.
Shadow IT indicates that an organization isn’t meeting end-users’ needs for productivity tools.
Versions of shadow tech have been around for a long time. For example, in the years after secretaries and receptionists were common but before voicemail was ubiquitous, employees may have brought in answering machines to hook up to their work phones. Generally shadow IT speaks to employees’ desire to have access to the tools they need, and sometimes it goes along with a perception of IT as the “Department of No.” Consumerization of IT and the cloud have greatly ramped up the opportunities for shadow IT.
What’s Bad About Shadow IT
Obvious problems with shadow IT mostly involve security. Who’s to say what could happen to data that’s shared between employees who install personal versions of DropBox on their devices? Unsupported IT assets expose organizations to data loss, particularly when unsecured public clouds are used. Furthermore, shadow IT makes it much harder to find and address security vulnerabilities. It can put the IT team in the position of catching up and trying to regain control of the organization’s IT assets. IT asset management is all about knowing what IT assets exist, who they’re assigned to, and what they’re used for, and shadow IT throws a wrench into all of that.
What’s Good About Shadow IT
Shadow IT indicates that people want to get stuff done efficiently. And it also shows that end-users are perhaps more technologically savvy than they’re given credit for. Plus, shadow IT can result in development of new efficiencies, and can even save companies significant sums of money. The devices and applications that end-users find on their own (or even develop on their own in some cases) can increase agility and drive productivity gains that can put an organization ahead of its competitors, and isn’t that what every organization ultimately wants?
Ways for IT Asset Management to Cope With Shadow IT
IT asset management can’t address shadow IT if it doesn’t know about it. So it’s important that the IT service management team knows what end-users are doing. Even organizations that acknowledge the existence of shadow IT often underestimate the extent of it. The two main options for learning the extent of shadow IT in an organization are identifying traffic to and from third-party cloud apps (like DropBox and Skype) and declaring at least temporary amnesty on shadow IT. Giving end-users an opportunity to explain why they downloaded a third-party app lets the IT service management team know what needs exist and what solutions are available and can allow them to alter their support accordingly.
Companies that use freelancers or contractors may have an added level of difficulty, because sharing of documents and data are central to a lot of contract and freelance work. The solution may involve use of containerization technology or mobile application management (MAM) so that contractors can do their work without causing undue security risks.
When shadow IT comes out of the shadows, it’s a prime opportunity to use IT asset management to gain better control over end-user devices and applications. The next step may be some form of enterprise mobility management, mobile device management (MDM) or MAM. It will require an investment of time and effort, but ultimately will give the IT service management team better understanding of end-users and a basis for better IT asset management.
IT asset management can’t simply pretend that shadow IT doesn’t exist. Great IT service management depends on knowing what hardware and software people are using to get their work done, even if it wasn’t acquired through traditional corporate IT channels. With a great IT asset management solution, you can not only take advantage of time-savers like barcodes and QR codes, but you can use risk management tools that scan your network and alert you when someone downloads an app on a network machine.