The “Dark Side” (Shadow IT)

The “Dark Side” (Shadow IT)

Allow or not allow. That’s the discussion I usually hear every time I talk to my colleagues about Shadow IT.

I’m not so much in agreement that we should polarize in that way, if this type of problem exists, it’s because there is a need to which we must pay attention (unsatisfied demand).

The concept of Shadow IT is already quite old, and refers to all those technological tools that the administrative and operational areas use without the IT area knowledge or control. This definition is quite broad, and so are included in this Macros in Excel, programs “in permanent demo,” applications for consolidation or exploitation of data and mobile applications for consultation or collaboration. However, all this has a common root: they are a product of a gap between what people need and what IT can provide.

From some time ago, in all companies we are seeing the incorporate of technological tools what solve some common daily problems to user, and with which they feel comfortable.

Today any C-Level can access these applications, and basically cover the need to solve a specific problem that they have at that time. Should they be suppressed? I don’t think so. What must be done with them is to control them.

But they do not cover, nor pretend to, solutions to medium or long-term problems, since they are in themselves disposable.

Should each department have its own technology? DO NOT. It’s correct that the large number of solutions ready to use has allowed the technological needs of each area to be particular to each one, and there are parts that are not shared with any other. But allowing each department to take care of its own needs, will necessarily that the business architecture becomes a chaos and impossible to maintain in the long term. Something like a technological Babel.

A real case:

Marketing, felt that the centralized backup solution was not the right one and that the change through IT would take a lot of time and bureaucracy. So they decided to buy their timecapsule to back up. All good, but it was not taken into account that these devices are also switches, when using it as an access point to the network, at night there was a loose cable connected to one of the ports, came cleaning staff and seeing this, and to maintain order, plugged the other end into another port of the same device which generated a loop and dropped an entire segment of the network. The next day, networks guys took all morning to track down and find the problem.

The marketing “solution” caused them to lose half a day’s work themselves.

In this case it was a partial loss of service, but also the Shadow IT is the gateway to:

• Theft / Loss of information: In the case of apps that store information, it remains in the device in which it is installed, in case the owner of the device leaves the company will go with confidential information, or in case it loses its device, information could go to fall into hands that could make misuse of it.
• Vector input for viruses / attacks: In the case of “free” apps that are downloaded, they frequently have programming defects that some hacker can use to access our network, or that the download is accompanied by some malware that does things not wanted, like encrypt all the information and ask for redemption … does it sound?

What do we do?

Recognize that it exists. This is the most important. If you think that with all the restrictive measures, software detection systems and control of technological inventory has control of everything, let me remove you from your innocence: If a user considers that he needs something to work, he will have it. With or without our permission, and the good professionals are the worst, since the more they want to do their work in an exceptional way, the more they will find a way to have at hand all possible help, especially technological.

Know the Users. Therefore we only have to redouble our efforts to meet our internal customers, to know what they need and why; Knowing where they are going and what they are asking or they want to give to the business. If we know them, we will know what the needs are, even in advance, and therefore we can cover them and lower the incidence of finding solutions outside IT. In addition they will tell us in advance if they see something in the cloud or elsewhere, which will give us the opportunity to review it to be able to incorporate it into the systems inventory (but really do so with that intention please!).

Educate the user. If we have already been able to understand them, it is necessary to address the avalanche of information that they now have access to, so that it is useful both for them and for us. We must show the advantages and risks of looking for isolated solutions in the network, make them see a little further, and understand at least a superficial level, that the task of IT is to make everyone work in an organized and collaborative way, So that, for example, isolated applications eventually become a problem rather than an aid.

Reduce red tape. Either way, the speed at which technology moves today threatens to leave us behind. The way in which tools are evaluated should be speeded up. We can not spend months to tell the user that he can use it. The most certain thing is that by then he already used it, and that now what he needs to use is another. What I apply, in an attempt to keep me in the rhythm, is the assignment of a member of my team to help him prepare a real pilot for the evaluation. The truth is that I start the review from that very moment, so that when “the pilot” is already ready, I know where it goes and how it should be worked. If this work is finished and useful, there is nothing to review: the application has demonstrated by itself that it is necessary, my team already knows how to handle it so that it interacts with others, we know its advantages and its risks. So the subsequent “evaluation” is just a process. However, if the demo does not reach the end for any reason, it is clear that the user of the tool has more problems than advantages, and it is he who discards it.

There is no doubt that the technological knowledge of the other areas and the new members of the C-Level Club has increased considerably in recent years due to the enormous access to information we have today, but they only see the surface, they are not personnel of YOU. And not only that, but they do not have the picture as it has IT, or at least as it should have.

In any case you have to take advantage of the new technological skills of our peers so that the search for tools and part of the execution of the implementation is shared with them. This will benefit both parties as the tools chosen will best fit your needs and IT will be able to devote more and better time to integration with the company’s global architecture.

As discussed in other articles, CIO tasks are evolving. Big Data, the bursting of artificial intelligence, now accessible to everyone through apps, and all new trends make the current challenge for IT heads to orchestrate everything so that they work in an organized way, DO NOT FORGET, safely in the business information as for the users themselves.

The adventure just started, companions! May the force be with us.