Shadow IT: Asset or Liability?

Shadow IT keeps many CIOs awake at night. For years, they’ve been worried about how to rein in renegades. But some CIOs are starting to think differently. They look at what we’ve called shadow IT as just one of many IT resources they orchestrate to address business demands.

Adopting a new attitude toward shadow IT requires trust. CIOs need to trust that business users will run projects by IT before they go off on their own, and business users must trust that IT will facilitate, rather than obstruct, their efforts to address local needs. To ensure this happens, it appears that companies need highly effective IT-business relationship managers. These relationship managers take responsibility for understanding both enterprise-wide and local business needs and negotiating priorities. See our January 2014 research briefing, “Demand Shaping: The IT Unit’s New Passion,” for a description of the tools that help relationship managers achieve their goals.

Although shadow IT can become an asset to the organization, Keith Zecchini, CIO at Parsons Brinckerhoff, reminded me that there is a tipping point. Local innovation is great, but only if IT has gained control of shared infrastructure and common enterprise systems. Otherwise, shadow IT can spell disaster.

Southwest Airlines offers an example. It created a shared environment for enterprise systems, but only after auditing all of the company’s shadow IT—literally collecting the random servers sitting under desks. After eliminating nefarious shadow IT activities, IT and business unit partners could then restore some local autonomy in ways that work for everyone.

The good news is that this conversion from liability to asset is becoming less challenging as enterprise processes are put in place. For instance, some companies like Citrix have developed business rule engines (you can purchase these too), which empower employees to adapt systems for their own needs. So if a manager needs to change a formula for something like an automated discount, that individual can make the change without going through IT. Another example involves analytics. The IT unit can set up a data warehouse and tools to allow users to conduct data analysis on their own.

Effective shadow IT requires careful set up, but the technology is out there to make it easier to actually introduce such activity in a disciplined manner. Have you architected your systems environment in order to welcome shadow IT? What secrets can you share?

Jeanne Ross is director and principal research scientist at MIT CISR.