“Shadow IT” can arise in forms such as applications that, although unauthorized, enterprise users download and use, and infrastructure resources that are not encompassed by enterprise management policies. We are now seeing organizations starting to adopt a two-speed approach to some management processes, usually so they can better meet the rapid delivery requirements that are particularly important in digital projects, and this should prove useful in combatting the spread of shadow IT. It is important to apply appropriate governance to all projects and IT adoption, but processes will need to be adjusted to cater for the now prevalent rapid delivery requirement, and any additional risks must be recognized and managed.
The risks of shadow IT must be addressed
The benefits of shadow IT are primarily in its delivery of products and services that the IT function probably cannot support or deliver quickly. However, its potential shortcomings span the whole scope of governance principles, including numerous risks, the lack of cost and budget control, uncoordinated and untested security, and the lack of information control. Another major deficiency is that the enterprise has no awareness of any licensing obligations; if unlicensed shadow IT were found by a vendor audit, the enterprise could incur severe penalties.
More broadly, enterprises have to become adept at identifying differences between the major types of processes that are supported by IT and adjust governance processes as appropriate. As all organizations adapt to competitive pressures to become more digital, they recognize that true differentiation is in their customer-facing capabilities, providing ease of use and an experience that matches ever-rising expectations. The rapid pace of change here is often driven by marketing needs and requires an agile approach to delivery, in which approaches such as the pre-defining of requirements is inappropriate. The overriding approach is one of iterative development, to accommodate the continuous improvement of features that support the customer experience.
Licensing Management for Cloud-based and Virtualized Enterprise Infrastructure, IT0018-001460 (forthcoming)
Alan Rodger, Senior Analyst, Enterprise ICT Management