Does 'shadow IT' lurk in your company?
"The data is suddenly not in the organisation anymore," says Chris Curran, principal for technology strategy and innovation at the PricewaterhouseCoopers (PwC) consultancy, about the aftershock that can come when IT finds out that business managers found it quite simple to pay for sophisticated kinds of cloud-based applications for sales and customer relationship management without telling IT.
In the old days, such actions - usually about rogue wireless LANs or websites that business units set up - would have been considered serious negative behavior that warranted a "play by the rules" lecture at the very least. But today, Curran says, the CIO and the IT staff are in a very different spot than they were in 10 years ago, and they have to take a hard look at why shadow IT is happening - and it may be for a valid reason.
Based on its own analysis, including the "Raising Your Digital IQ" survey of 500 U.S. companies with annual revenues of about $500 million, PwC estimates that somewhere between 15 percent up to 30 percent of IT spending now occurs outside the standard consolidated budget of the IT department. Sometimes it's wholly unknown to IT staff and sometimes it's not, though IT isn't exactly consulted. Cloud services buying, in particular, is today a major factor in spending outside "the processes and procurement practices of IT," says Curran. Complications ensue when the business managers, after their shadow IT decisions for cloud services, later go to the IT department with demands to integrate enterprise data with what has become cloud-based data in order to do analytics or for other purposes.
Curran argues that this shadow IT issue is only going to grow for the enterprise IT department. The business unit may have made a decision to go around IT because they consider it too slow, or managing a CRM application they don't feel is optimum anymore for the business. Other services, like file-sharing services the IT department finds out business people are using, are likely to cause concern about securityor compliance, too. But the CIO has to strive to "partner with the CFO to get visibility into this type of expenditure," says Curran. "Someone needs to have the enterprise view." In the end, the IT department may have to adopt to a changing role, he notes.
Andrzej Kawalec, global chief technology officer of Enterprise Security Services at HP, agrees shadow IT is a significant issue, though he doesn't think it's necessarily as pervasive as PwC sees it. But he does agree, "It's one of the biggest challenges to IT."
He says business units often make these direct IT buying decisions out of a sense they have to move fast to reach new channels or markets. "This is often based on a clear business mandate and logic." But there are often "hidden costs" in managing data after a shadow IT project has occurred, he points out. Resources become more and more fragmented and spread out or "misaligned." One top concern in shadow IT will certainly be security and compliance of data.
"You're introducing a lot of new risk into the system," he says, noting that the chief information security officer (CISO) or the chief security officer (CSO) in the enterprise has a clear role to play when it comes to shadow IT.
"One of the main roles of the CISO is to call out these behaviors," Kawalec says. They have to figure out what is going on and analyze it, and report findings about the security and compliance implications of shadow IT to the chief executive and the board of the corporation, where final decisions need to be made. "Shadow IT cannot be played out in the shadows," Kawalec concludes. "Someone has to shine a light on what's outside the norm."
CIO100 2013 Overview: Chief transformation officer
CIOs are across a raft of programmes using disruptive and traditional technology - effectively leading change throughout the organisation in a tough economy.
Fighting for privacy
An interview with Kaliya Hamlin, aka 'Identity Woman' and head of the Personal Data Ecosystem Consortium, which aims to give individuals control over their personal data and how it is used by corporations.
- New Zealand’s IT leaders announced at CIO Awards
- Amazon CTO: Stop spending money on ‘undifferentiated heavy lifting’
- CIO Agenda: Innovate and transform on the ‘third platform’
- Five ways to create a collaborative risk management program
- BlackBerry pitches to NZ businesses in bid to recapture market share
CONNECT WITH @ CIO NZ
CIO is bringing together the best of MIS NZ and CIO, the new look CIO is the only magazine that focuses on the unique management needs of senior IT professionals.
Get the latest news from CIO delivered via email.
CIO 100 REPORT
The definitive guide to New Zealand's largest and most significant ICT users.
READ NOW »