The proliferation of cloud-computing services is enabling many companies to lower information-technology costs and the capital risk associated with innovation. But there is a darker consequence of the cloud: a rise in “shadow IT.”
Shadow IT is the purchase or development of technology services outside the control or oversight of a company’s IT department. It may occur because a business unit believes it has unique needs not met by the company’s standardized computing services, or wants a quicker implementation than it would get from the IT department. Most large companies, wary of data-security risks and seeing standardization of IT practices and processes as a key value driver, wage endless war against shadow IT.
Internet-based technology services from cloud providers, with their massive data centers, are often cheaper and faster than the services a company can provide internally. That opens the door to business units making technology decisions they historically would have run through the IT department. “Cloud services are driving an explosion of shadow IT,” says Michel Feaster, vice president of products for Apptio, a provider of software enabling IT cost transparency, accounting, and budgeting.
Look for the problem to get worse before it gets better. Because cloud computing is still new compared with traditional technology infrastructure, many people outside of IT aren’t yet fully aware of its possibilities, notes William Miller, CFO of Nationwide Services Co., a Nationwide Insurance subsidiary that runs the company’s IT operation.
Anything that promotes shadow IT is disturbing to Miller. “What you don’t want is what I call ‘hobbyists’ driving core business processes,” he says. Many business leaders are making value judgments around cost or timeliness, saying they need to be faster and cheaper, without truly understanding the compromises involved in going outside the IT department, he says.
They also may not understand what they need from a technology provider — and what they don’t ask for, they’re not likely to get, according to Miller. “If you tell a third party that your number-one issue is price, they’re going to get you cheap service,” he says. “They’re not going to tell you what risks you’re introducing with that cheap service, if they even know.”
Before cloud computing, some people saw a silver lining, as it were, in shadow IT: a source of innovation leading to prototypes for future approved solutions. That role is less attractive now that the cloud has emerged as a major stimulus for innovation, allowing companies to experiment with technology without buying expensive physical infrastructure. “You don’t need shadow IT [anymore] to enable innovation,” says Phil Garland, CIO advisory solutions leader for PricewaterhouseCoopers.
Not that IT has to make all the decisions regarding technology services for business units, or that businesses are always clueless about what solutions they need to handle any specialized needs. It may be enough for the centralized department to be aware of what the units are doing so it can apply a common set of controls, standards, and compliance procedures, notes Garland.
But communication from the IT department, or the lack of it, is a factor in the growth of shadow IT, according to Apptio’s Feaster. “When IT can’t articulate its costs and services as simply and clearly as cloud providers can, it drives business units to adopt those technologies and undermines IT’s efforts to centralize and standardize,” she says.
In fact, at many companies today, one goal of such efforts is to better compete with cloud services. Ironically, says Feaster, to the extent business units don’t like the standardized offerings, they may be even more inclined to seek out shadow IT solutions.
Shadow IT is hard to detect and rein in because it’s often used for small projects with limited shelf lives that don’t trigger the company’s IT governance review thresholds. “But when you get a thousand of those paper cuts,” says Feaster, “over time a significant portion of your discretionary spend is going to outside service providers.”