When employees use devices, software and services that haven’t been sanctioned by the IT department, IT should seek to support rather than punish. Credit: Warren Wong Let’s start by agreeing to dispense with the term “Shadow IT.” Anything with the word “shadow” in it is bound to have a negative connotation and so whether we’re talking consumerization of devices or applications, almost every modern organization today is confronted with some form of either departmental or consumerized IT. The two are different — even more reason to avoid grouping them both under the “Shadow IT” designation. Lines of business may opt to use non-IT procured devices or non-IT-managed applications, employees might be using their personal computer at home to work on their presentation because they never took their laptop home from the office, or they might be using a personal Dropbox instead of the corporate OneDrive for cloud storage and collaboration. Of course, there might be compliance and legal side effects to formally sanctioning departmental or consumerized IT. The image of a well-meaning employee sending a document containing privileged information to their non-two factor secured personal email comes to mind. Nobody wants to lose control of privileged data. It is not unusual for IT leaders to feel uneasy about the existence of departmental or consumerized IT within their organizations. However, in reality, the growth of departmental and consumerized IT is more reflective of changes in society, technology and the nature of work than it is reflective of the IT organization itself. So, we need to monitor departmental and consumerized IT. But how? There are several ways of going about this. The first is to put everyone on lockdown. Only domain-joined devices may access corporate data, end-users may not install third party apps and cut access for all non-corporate sites via the enterprise proxy or firewall. The problem is, this approach doesn’t work. Prohibitive IT policies drive down employee productivity which impacts business productivity. In other words, locking things down hurts the business. It is important to recognize that the days of the IT organization being able to control and deliver on all things IT are gone but concurrently so is their sole accountability for it. So consumerized IT should be an issue only insofar as it remains in the “shadows”—that is, not creating value or creating more problems than it is solving, or where accountability is in the wrong place. The second is to delegate accountability for corporate IT versus departmental IT. Line-of-business managers who make technology investment decisions must be held accountable for those decisions and any ensuing privacy matters, compliance and security issues. Of course, the executive team must buy into this accountability and ensure it is supportive of governance mechanisms that enact that accountability. Otherwise, behavior will not change. In this scenario, the CIO remains accountable for all technologies sourced and managed by enterprise IT as well as the overall corporate IT strategy, including guiding departmental IT in a direction that increases the likelihood of creating value and reducing risk. To succeed here, departmental policy infringement must result in an appropriate intervention — this means empowering the CIO with the capacity to intervene appropriately with the necessity for additional CxO or board escalation. Embracing departmental IT does not mean any laxity here. The goal is to allow greater freedom in areas where there is less risk and to ensure greater accountability and transparency in those areas of most concern. The rules need communicating and services need to be created to provide advice and guidance. And, as above, clear accountabilities need to be in place. The third approach, and the one I propose, is for IT to offer unconditional support for departmental or consumer acquired and developed initiatives, with the goal of helping line-of-business owners create the best solutions they can. That includes helping them understand the technology and vendor options via workspace analytics, architectural choices and trade-offs via collective intelligence benchmarking, and opportunities to leverage and share. The key is that IT must do this via a genuine compact — it must create value for the owner and not have this support merely be a smokescreen for a veiled audit. Resist the temptation to revert to traditional behaviors and force technology choices. The critical goal is visibility To gain visibility, coax business users toward good, longer-term outcomes. If end-users believe that they’re being forced to make particular technology choices or sub-optimize a solution for the benefit of others, it will increase the likelihood that they will head into the “shadows.” Visibility is key here, because as device drivers, operating systems and applications increasingly move to the cloud, delivered as SaaS offerings, organizations lose significant visibility of the availability and performance of their applications. Whether managed by IT or not, the endpoint becomes a privileged vantage point from which to monitor the digital user experience and the only way to gain visibility to the endpoint is by garnering the trust of the person using it. Yes, initially this will seem like a less than efficient solution from an IT department’s perspective but consider it an evolutionary trade-off for mitigating other risks around privacy, security and compliance. Related content news analysis Apple Silicon sets scene for a new AI ecosystem With its new iPads, Apple presses home the message that Apple Silicon is built for AI. By Jonny Evans May 08, 2024 12 mins Apple Generative AI iPad news The CHIPS Act money: A timeline of grants to chipmakers The Department of Commerce is divvying up $52 billion in the hopes of spurring on-shore chip manufacturing in the US. Here's what's been allocated and where the money is going. By Lucas Mearian May 08, 2024 5 mins CPUs and Processors Government Manufacturing Industry reviews Arc browser for Windows — better than Chrome? This might just be the best web browser for power users. But you’ll have to rewire your brain. By Chris Hoffman May 08, 2024 13 mins Windows Browsers Productivity Software news Google US antitrust trial: A timeline The biggest antitrust trial of the century, targeting Google's search business, is drawing to a close while a second trial against the tech giant, focusing on advertising, is scheduled for later this year. Here's an updated, play-by-play a By Jon Gold May 08, 2024 9 mins Technology Industry Google Legal Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe