In writing our article, “Navigating the Shadows: A Comprehensive Framework for Anticipating, Identifying, and Managing Shadow IT in Organizations,” I was reminded of the conundrum that leads to why shadow IT exists in the first place.
Before moving into academia, I worked for many years in various corporate roles, where my teams and I were responsible for achieving specific goals that affected our performance ratings and bonuses, like selling a certain number of products in a quarter. Our incentives were very clear – if we were not successful at achieving our targets, our bonuses and perhaps our very jobs would be at risk. However, the IT teams that supported the organization and us were not usually tied to our incentives. Their goals were more around enabling overall corporate success and less about a specific business unit’s needs. I never believed they didn’t want to help us. Instead, they had to achieve their own goals to be successful. However, we had a goal and did what it took to make it happen, even if it meant engaging in shadow IT solutions.
This scenario plays out countless times every day. The business has to achieve its goals, and IT has to ensure the security and governance of its solutions. This begs the question of how to solve this problem. Obviously, it would already be solved and not an issue if it were easy. However, there are some steps organizations can take to help mitigate and solve the problems. The most powerful thing organizations can do to counter shadow IT is to ensure corporate goals are aligned. IT departments must have goals that are overarching to broader corporate success, but they also need to be tied to the goals of the specific business units. In my example above, if IT were tied to achieving the business's sales goals, it would smooth the way for quickly providing servers, websites, etc., to enable success.
Secondly, it would be helpful for organizations to have IT groups deeply embedded and part of the core team for individual business units. This would enable an understanding of the business unit’s goals and ensure appropriate lead time to deploy solutions. In addition, integrating IT into the core team would facilitate relationship building. Having personal relationships with the teams you support makes it much easier to get things done. After all, no one wants to let a friend down. It is much easier to ignore requests from people and teams you don’t know well and don’t have to interact with regularly.
Finally, another solution could be for IT to get ahead of the shadow IT phenomenon and facilitate utilizing these solutions with approved sources. For example, IT could proactively establish relationships with approved vendors the business could use. When the business needs to enable and deploy a server quickly for a promotion, it could use the approved vendor. By doing this, the business can more easily meet its goals. In addition, IT can maintain security and a level of governance by having a view of what is being deployed and focusing on more strategic tasks.
In conclusion, shadow IT certainly presents a challenge to organizations. But like most challenges, it also presents opportunities. Companies can enable organization-wide success by aligning goals and incentives between the business and IT, and engaging in creative solutions like proactively approving vendors.
