Main Menu
Home / Project Management / Risk Management / How to Deal with Shadow IT

How to Deal with Shadow IT

The presence of shadow IT: it is a sure sign that the corporate governance structure of your organization has failed. Is it then time for central IT to ‘go after the bad guys?' Absolutely not, says Rob England, a.k.a. The IT Skeptic. In his opinion, the blame for this widespread dereliction falls squarely upon the shoulders of the executive leadership team (ELT).

The IT Umbrella

England stresses that IT functions need to stay under the umbrella of corporate digital information and technology assets for multiple reasons, including but not limited to the optimization of resource allocation, maximizing productive value of digital assets through company expertise, company security and risk avoidance, and maintaining the ROI of purchased technology.

Knowing Shadow IT

But how does one recognize the presence of shadow IT in the first place? England describes shadow IT in the following way:  

Shadow IT is IT that is implemented and operated in business units with less involvement from the centralised organisational IT function/entity/agency than that IT function would like. This differs from distributed IT, where IT capabilities are implemented within business units with the consent and collaboration of the central IT function…Shadow IT (as I'm using the term here) is guerrilla IT. Shadow IT is business units going it alone, going rogue.

Distributed IT is OK

England maintains that central IT should have no quarrel with “distributed IT,” which allows the business to retain flexibility over their operations while driving within the lines set forth by IT governance. But if executives cut the leash that ties the business unit to IT policy, there’s no telling what havoc will be unleashed in the form of unsolicited file sharing, shady software sourcing, or the installation of unregistered applications.


Unfailingly, the central IT function finds out about shadow IT when:                

a) The IT Guerillas need access to a network.                

b) Something bad happens.

Scenario b usually involves corruption, loss, or theft of data. In some cases the system collapses and there is a huge productivity loss. Again, responsibility rests not with the central IT, which has no ability to enforce the policies of the company, but with those who oversee the organization’s policy – the ELT.

For more common sense wisdom from the IT skeptic, view the original post at:

About Eric Anderson

Eric Anderson is a staff writer for CAI’s Accelerating IT Success. He is an intern at Computer Aid Inc., pursuing his master’s degree in communications at Penn State University.

Check Also

5 IT Practices That Put Enterprises at Risk

Every year, millions of dollars are lost to cyber-related incidents. Cybersecurity has been put at …

Leave a Reply

Your email address will not be published. Required fields are marked *

Sorry, but this content
is for our subscribers only!

But subscribing to ACCELERATING IT SUCCESS is FREE and only one click away!
Join more than 40,000 IT Professionals and get the best IT management articles to your mailbox with Accelerating IT Success!

Unsubscribe at any time