This article is more than 1 year old

Shine a light on the rogue IT that hides in the company shadows

You might even find some gems

The rapid development of technology over the years has brought us a culture where people use technology wherever they are and whatever they are doing.

Only 20 years ago a portable PC or Mac that you could use to work on the move was very expensive, and if you wanted to do serious work on a spreadsheet then you had to drive into the office and use your desktop with a decent size monitor.

Because most people could not afford their own computers, they relied on their employers to provide the technology.

If you were the employer, this brought a useful benefit: you had control over the applications people used because you were providing them. Defining and implementing standards was easy: the holder of the purse strings held all the cards.

Those days are gone, of course. We now carry around in our pockets and briefcases more processing power than anyone could have dreamt of then. And with high-speed mobile data services and open-source software you can do a ridiculous amount of processing on the move using phones, tablets and laptops.

In fact if you are so inclined you can run most aspects of a small business using just a biggish smartphone (as I discovered when I was asked whether it was possible).

Such progress, however, brings a problem we call “shadow IT”.

Untamed growth

Techopedia describes shadow IT as “IT solutions and systems created and applied inside companies and organisations without their authorisation”. Analyst Gartner's website puts it more simply: “IT activity that occurs outside of IT”.

Shadow IT is, in short, systems and software that spring up around the business without input or approval from the IT department.

That's a bad thing, right?

Obviously. Technology that is not sanctioned by the IT department serves only to make life difficult, cause security problems and introduce document formats that may or may not be compatible with approved corporate application suites.

I didn't mean that, of course. While all of those issues might exist, shadow IT is not necessarily a bad thing. In fact the rest of the Techopedia definition says shadow IT “is considered a vital foundation for technological advancement and innovation because these efforts can become potential prototypes for IT solutions that are approved in the future”.

I have personal experience of shadow IT in this context. Twenty-plus years ago, IP networking was a new concept for most people and I was working in a large organisation whose central IT function had to provide stable (if a little old and clunky) platforms to several thousand users.

We were in one of the more technical divisions and wanted more than the central IT guys could provide, so we decided to go it alone. We ran up a home-made router and used it to separate us from the rest of the corporate network, and we moved away from serial connectivity into our Sun servers and toward Telnet over an IP network.

The latter improved performance greatly, and the former protected us from the broadcast storms and other crap flung across the (very flat) organisation-wide network.

The central IT service didn't have the resource to be experimenting in the same way, nor could they try out bleeding-edge technology: their mission was to provide stable services to the masses, whereas if we blew ourselves up that was our own problem.

What did happen, though, was that we had an excellent relationship with their techies and we worked together wherever we could to bring fresh concepts to the masses over time.

Listen and learn

How does shadow IT creep in? I have already given one example of how it can start to appear: a fast-moving department that needs something IT does not provide and support (or more commonly is not able to provide in the required timescale).

I have seen far more depressing reasons for shadow IT. One is an IT department so insular that it never goes out into the business to see what it needs to work more effectively.

The other is an IT department having a plan to install a particular technology but failing to communicate this to the business – so the latter goes out and unnecessarily puts in a DIY solution.

It is particularly common to see people adopting their own range of mobile apps, for a couple of reasons.

First, even if you have a policy of providing company-owned mobile handsets, it is unusual for every member of staff to be entitled to one. Those that aren't tend to use their own handsets and hook them up to a cloud storage service like Google Drive to share documents. And if you are daft enough to allow them to sync directly with your company mail server they will use a variety of email applications that you don't support.

Second, even if you do provide company devices it is common to support only the core applications – email, calendaring and not a lot more – so users fill the gaps with their own selections.

Next page: Dark moments

More about


Send us news

Other stories you might like