Shadow IT: Technology, as in devices, software, and services, outside the ownership, control or knowledge of IT.
Finding a high-tech enterprise without shadow IT is like finding a three-legged unicorn. Since the beginning of IT, there have been business groups purchasing hardware, software, and/or a specific web services without going through their corporate IT team. The rise in web-based apps, cloud computing, and bring-your-own-device (BYOD) strategies has only made bypassing IT easier.
While many champion the innovative nature of shadow IT, the drawbacks to a large enterprise are significant. Unsupported hardware (e.g. BYOD) and software (e.g. SaaS applications) that do not follow corporate security policies introduce security risks. Compliance is a big concern; corporate data stored outside IT’s control often does not comply with backup policies or regulations. Data silos can form, preventing information from flowing freely throughout the organization. Network performance can be impacted as shadow apps vie for bandwidth.Technology costs increase as a direct result of missed opportunities for the bulk discounts IT negotiates on contract staffing, hardware, and software.
One of the biggest hidden costs of shadow IT often shows up later. One or two years down the line a business group realizes it no longer has the expertise or resources to support the technology and wants to turn it over to IT. In many cases, re-integrating the system into the IT infrastructure or changing to a new system can be costly and resource-intensive.
All these factors combine to hamper enterprise IT’s agility in delivering its services.
NetApp IT’s goal is to create a sustainable operating model by better aligning IT investments to business priorities and following a shared roadmap. As a service provider, IT wants to offer and support technologies that drive our business agility. To achieve this, we need to ensure IT work is done under IT direction using standards and best practices that extend across the enterprise. Without that, we are hindering the business’ ability to go to market as quickly as it can.
As part of its corporate transformation program, NetApp IT recently undertook the challenge of bringing shadow IT under corporate IT’s purview. We wanted to reduce our technology landscape to a more manageable number and eliminate redundancies. An earlier attempt to do this had taught us two valuable lessons: First, business and IT must first partner together to align technology to business strategy. From this, technology roadmaps, application development, and support strategies can be designed and executed with the proper coordination. Technology investments must be part of the official roadmap. Second, executive support is mandatory. Once employees understand this is a corporate mandate, the adversarial nature of the negotiation process is mitigated.
Identifying shadow IT is a multi-phase process that requires both ingenuity and creativity. In addition to scouring through our configuration management database (CMDB) for non-IT systems, we are working with Finance to identify outside vendors, searching for non-IT employees with IT titles, and utilizing the knowledge of our business service managers, who act as the IT liaison to business customers.
Analysis so far shows that shadow IT is primarily functionally specific, such as bolt-on SaaS tools. But the scope varies widely. At one end of the spectrum are popular SaaS-based software packages that are easy to learn, integrate support and training, and require only a credit card to use. At the other end is custom software development that includes outsourced application development, test, and support operations.
Bringing shadow IT into corporate IT should not be a hostile takeover. Once we find a potential shadow application, we open discussions with the owner before any changes are undertaken. What business need is the app addressing and are there other internal apps with the same functionality? What contract is in place? What people are affected and how? What tools and other apps are associated with this technology? Is there an outside services layer that will be impacted? What is the operating model? How can IT adapt and learn from this model? The transition should be positive for both IT and the business.
NetApp IT is now in phase one of the project–identifying shadow IT, holding discussions, and developing a transition strategy. Licensing, support, development, processes, governance, and the technology roadmap are being closely examined. IT is looking at ways to use existing resources to reduce short-term costs, such as managed service provider contracts for staffing, the Command Center for support, and on-premises data centers for hardware administration. In phase two-optimization–we will further analyze the technologies against our business capabilities and place them in the appropriate tier for support and development.
Becoming More Agile
Shadow IT is not a one-time project. First, we are embracing the knowledge business users have gained while using shadow technologies and incorporating them back into our IT service delivery. Knowledge sharing is a first step toward Fast IT, an environment where IT can quickly deliver the tools the business needs to achieve its goals. The ultimate goal is to enable business users to focus on their areas of expertise and trust IT to provide technology services. Over time, as trust grows, the need for shadow IT should decline.
A structured approach to merging shadow IT into corporate IT operations can deliver benefits to any enterprise, regardless of its size or complexity. IT operations become less costly, less complex, and more secure. The best result? IT can use the lessons learned to improve its agility as a service provider and take a major step forward in its maturity as a driver of business success.
The NetApp IT blog series features advice from subject matter experts from NetApp IT who share their real-world experiences using NetApp’s industry-leading storage solutions to support business goals. Want to learn more about the program? Visit www.NetAppIT.com.