Shadow IT: What It Is, Who’s Doing It, and Why

This is the first blog post in a three-post series written for CEOs and Line of Business (LOB) leaders. Our aim here is to explain what shadow IT is and why it’s occurring (that’s this post). Why shadow IT is dangerous for the enterprise is post #2. What you can do about it is post #3. Trying to “get tough” and eliminate SaaS and PaaS from your organization is not the answer. Neither is turning a blind eye.

What Is Shadow IT?

Shadow IT typically refers to line of business staff going outside the confines of enterprise IT for Software-as-a-Service (SaaS) applications. Shadow IT is most common for:

  • Business productivity – e.g., Microsoft Office 365 and Google Apps
  • Social media – e.g., LinkedIn and Facebook
  • File sharing, storage, and backup – e.g., Dropbox and Apple iCloud

Shadow IT also refers to IT staff themselves going outside the confines of the corporate IT framework. For example, developers might do application development and testing in the cloud through platform-as-a-service (PaaS). Like LOB users using SaaS to access a wider range of applications more quickly, developers use PaaS to deliver value with the speed that the business demands.

How much spending does shadow IT represent? While it’s hard to pinpoint a dollar figure, in 2012 a PricewaterhouseCoopers study found that shadow IT accounted for 15-30 percent on top of the “official” IT budget. According to a recent report from the member-based corporate advisory firm CEB, spending on shadow IT now may be as high as 40 percent on top of the “official” IT budget.

Who’s “Using” Shadow IT?

In 2013, Stratecast and Frost & Sullivan surveyed 300 IT staff and 300 line of business staff. They found that 83 percent of IT staff and 81 percent of line of business staff use at least one non-approved SaaS application in their day-to-day business activities. The same survey also revealed that the average company uses around 20 SaaS applications. Of those, more than seven are non-approved.

Who is using shadow IT? Everyone. “We have met the enemy and he is us.”

Why Do Users Turn to Shadow IT?

The benefits driving line of business and IT users to shadow IT include:

  • Ease of access
  • Ease of maintenance
  • Quick deployment
  • No capex required – it’s monthly opex (which flies more easily under the radar)

Shadow IT | Photo: Brian Fanzo taken by IO.Flims - Mike Chesworth

In the line of business context, shadow IT is driven by the increasing prevalence of cloud-based software-as-a-service applications. These empower employees to do what they need to do to maximize their productivity. Employees who turn to shadow IT are typically not malicious. Nor are they ignorant of the security risks. But cloud-based applications simply enable them to do their jobs better.

The rise of shadow IT is driven by this simple fact: With bring-your-own-device (BYOD) and now bring-your-own-cloud (BYOC), users are in control. As CloudTweaks put it, “Employees can now obtain the capabilities they want, when they want and for as long as they want, without having to wait for IT to build it.”

Similar to SaaS for LOB users, platform-as-a-service allows developers to go around hardware procurement/provisioning and licensing issues. ActiveState CEO Bart Copeland explains it well: “Gridlocked by the processes and protocols imposed by IT management, developers very often give in to the temptation of moving their projects outside where they can progress faster… to support time-sensitive project delivery.”

Given these benefits, it makes sense that employees turn to shadow IT. It helps them do their jobs better. But it also creates a nasty shadow that looms large over the enterprise.

That’s the stuff of CIO nightmares, and the topic of post #2. So stay tuned to learn more about why shadow IT is dangerous. And for post #3, where we’ll talk about what you can do to enable the benefits that shadow IT can offer while mitigating the risks.

DISCLAIMER: This document is for reference purposes only. The information contained herein should not be relied on and neither IO Data Centers, LLC nor any of its affiliates makes any warranties or representations as to its accuracy.