When employees use devices, software and services that haven’t been sanctioned by the IT department, IT should seek to support rather than punish.

Credit: Warren Wong

Let’s start by agreeing to dispense with the term “Shadow IT.” Anything with the word “shadow” in it is bound to have a negative connotation, and so whether we’re talking consumerization of devices or applications, almost every modern organization today is confronted with some form of either departmental or consumerized IT. The two are different — even more reason to avoid grouping them both under the “Shadow IT” designation.

Lines of business may opt to use non-IT-procured devices or non-IT-managed applications, employees might be using their personal computer at home to work on their presentation because they never took their laptop home from the office, or they might be using a personal Dropbox instead of the corporate OneDrive for cloud storage and collaboration.

Of course, there might be compliance and legal side effects to formally sanctioning departmental or consumerized IT. The image of a well-meaning employee sending a document containing privileged information to their personal email account, which is not secured with two-factor authentication, comes to mind. Nobody wants to lose control of privileged data.

It is not unusual for IT leaders to feel uneasy about the existence of departmental or consumerized IT within their organizations. However, in reality, the growth of departmental and consumerized IT is more reflective of changes in society, technology and the nature of work than it is reflective of the IT organization itself.

So, we need to monitor departmental and consumerized IT. But how? There are several ways of going about this.

The first is to put everyone on lockdown. Only domain-joined devices may access corporate data, end users may not install third-party apps, and access to all non-corporate sites is cut via the enterprise proxy or firewall. The problem is, this approach doesn’t work.
Prohibitive IT policies drive down employee productivity, which impacts business productivity. In other words, locking things down hurts the business. It is important to recognize that the days of the IT organization being able to control and deliver on all things IT are gone, but concurrently so is their sole accountability for it. So consumerized IT should be an issue only insofar as it remains in the “shadows”—that is, not creating value or creating more problems than it is solving, or where accountability is in the wrong place.

The second is to delegate accountability for corporate IT versus departmental IT. Line-of-business managers who make technology investment decisions must be held accountable for those decisions and any ensuing privacy matters, compliance and security issues. Of course, the executive team must buy into this accountability and ensure it is supportive of governance mechanisms that enact that accountability. Otherwise, behavior will not change.

In this scenario, the CIO remains accountable for all technologies sourced and managed by enterprise IT as well as the overall corporate IT strategy, including guiding departmental IT in a direction that increases the likelihood of creating value and reducing risk. To succeed here, departmental policy infringement must result in an appropriate intervention — this means empowering the CIO with the capacity to intervene appropriately with the necessity for additional CxO or board escalation.

Embracing departmental IT does not mean any laxity here. The goal is to allow greater freedom in areas where there is less risk and to ensure greater accountability and transparency in those areas of most concern. The rules need communicating and services need to be created to provide advice and guidance. And, as above, clear accountabilities need to be in place.
The third approach, and the one I propose, is for IT to offer unconditional support for departmental or consumer-acquired and developed initiatives, with the goal of helping line-of-business owners create the best solutions they can. That includes helping them understand the technology and vendor options via workspace analytics, architectural choices and trade-offs via collective intelligence benchmarking, and opportunities to leverage and share. The key is that IT must do this via a genuine compact — it must create value for the owner and not have this support merely be a smokescreen for a veiled audit. Resist the temptation to revert to traditional behaviors and force technology choices.

The critical goal is visibility

To gain visibility, coax business users toward good, longer-term outcomes. If end users believe that they’re being forced to make particular technology choices or sub-optimize a solution for the benefit of others, it will increase the likelihood that they will head into the “shadows.”

Visibility is key here, because as device drivers, operating systems and applications increasingly move to the cloud, delivered as SaaS offerings, organizations lose significant visibility of the availability and performance of their applications. Whether managed by IT or not, the endpoint becomes a privileged vantage point from which to monitor the digital user experience, and the only way to gain visibility into the endpoint is by garnering the trust of the person using it.

Yes, initially this will seem like a less-than-efficient solution from an IT department’s perspective, but consider it an evolutionary trade-off for mitigating other risks around privacy, security and compliance.