Risk Management

How to Deal with Shadow IT

The presence of shadow IT is a sure sign that the corporate governance structure of your organization has failed. Is it then time for central IT to "go after the bad guys"? Absolutely not, says Rob England, a.k.a. The IT Skeptic. In his opinion, the blame for this widespread dereliction falls squarely upon the shoulders of the executive leadership team (ELT).

The IT Umbrella

England stresses that IT functions need to stay under the umbrella of corporate digital information and technology assets for multiple reasons, including but not limited to the optimization of resource allocation, maximizing productive value of digital assets through company expertise, company security and risk avoidance, and maintaining the ROI of purchased technology.

Knowing Shadow IT

But how does one recognize the presence of shadow IT in the first place? England describes shadow IT in the following way:  

Shadow IT is IT that is implemented and operated in business units with less involvement from the centralised organisational IT function/entity/agency than that IT function would like. This differs from distributed IT, where IT capabilities are implemented within business units with the consent and collaboration of the central IT function…Shadow IT (as I'm using the term here) is guerrilla IT. Shadow IT is business units going it alone, going rogue.

Distributed IT is OK

England maintains that central IT should have no quarrel with “distributed IT,” which allows the business to retain flexibility over its operations while driving within the lines set forth by IT governance. But if executives cut the leash that ties the business unit to IT policy, there’s no telling what havoc will be unleashed in the form of unsolicited file sharing, shady software sourcing, or the installation of unregistered applications.

Unfailingly, the central IT function finds out about shadow IT when:

a) The IT guerrillas need access to a network.

b) Something bad happens.

Scenario (b) usually involves corruption, loss, or theft of data. In some cases the system collapses and there is a huge productivity loss. Again, responsibility rests not with central IT, which has no ability to enforce the policies of the company, but with those who oversee the organization’s policy: the ELT.

For more common-sense wisdom from the IT Skeptic, view the original post at: http://www.itskeptic.org/content/how-deal-shadow-it
