We set out with a research thesis to expose the dangers of Shadow IT. Instead, we discovered that Shadow IT might just be an opportunity to improve information security, productivity and corporate culture.
We recently surveyed 1,000 US-based IT professionals about their views on Shadow IT – what they see in their companies and in their own work, and their views on how to address the challenge. The results, which we published in the report,” The Upside of Shadow IT: Productivity Meets IT Security,” show potential benefits when companies manage the issue by fostering communication and collaboration — instead of fruitless attempts at eradication.
Seeing an “upside” to Shadow IT definitely struck a chord in the industry. As journalists and influencers weighed-in on the research, an unexpected strong correlation between Shadow IT and unhealthy corporate culture emerged. Below is a round-up of the tech community’s take on the findings:
Marcel Schwantes, writing for Inc., warns that restricting the exploration of preferred collaboration tools can lead to feelings of “frustration and neglect which eventually lead to low morale, burnout, inefficient operations and turnover.” He illustrates that when IT leaders are welcoming, they can “reassure employees that they can escalate issues without feeling afraid of the repercussions to themselves or others.”
The impact or poor corporate culture on Shadow IT is echoed in the headline from Bob Violino in Information Management. He boldly states “Shadow IT flourishes when organizations stifle collaborations.”
Kevin Townsend asserts in Securityweek that the more confidence a company has in its ability to address security threats from the technologies that employees bring on, the greater acceptance there is of employee choices. He writes that when companies manage from a strong security posture, “…it solves the problem of Shadow IT by finding methodologies to include staff preferences so that it is no longer ‘shadow’ IT. From that position, organizations can enjoy all the benefits of employee app choice and use, without being stymied by the security threat of uncontrolled shadow IT.”
Scott Brinker, who runs Chiefmartech.com, comments on how far IT managers’ perspectives have progressed on the issue: “But the near universal agreement about the benefits to be gained by empowering employees to use their preferred tools — again this is in the opinion of IT — is astounding! You would not have gotten this consensus five years ago. These would have been outlier (“cray cray”) opinions at best.”
Brinker calls the approach that’s outlined in the report — fostering open communication and collaboration between business users and the IT department to help them harness the benefits of all these different technologies they desire in an IT-compliant way — “enlightened governance.”
But it’s not all sunny progress. Dan Lohrmann, writing for GovTech, has concerns about the unknown variable with embracing Shadow IT. He says that “playing ‘hide and seek’ in enterprises with new tech between IT staff and business areas is an inherent problem with Shadow IT and a paradox not easily embraced…”
In a FUD-driven security world, we hope that our findings hint at a bright spot on the radar.
Read the first post in this series here.