Shadow IT in broad daylight?
Shadow IT in the enterprise is the phenomenon whereby enterprise IT decisions are made without the knowledge, involvement or review by the organisation’s own IT department. This is especially relevant in the enthusiasm for the adoption of the latest emerging technology to fill a localised need within the organisation.
By definition, Shadow IT is under the radar of enterprise governance and as such presents a systemic risk to the organisation – something that should be, but is often not, raising alarm bells in organisations concerned about data protection, governance and risk.
A 2013 Symantec survey covering some 3,236 organizations in 29 countries (commissioned by Symantec) noted that three-quarters of all organizations surveyed had put business sensitive information into the cloud without appropriate oversight.
The fact is that given the increase uncertainty and volatility facing Australian organisations, whether public, private or government, tends to drives technology decision making which is increasingly focussed on the short term. Expediency in meeting short term targets is no guarantee of long term success.
IT consulting firms should also be aware of the potential adverse consequences to their reputation of being engaged to deliver enterprise IT services without the appropriate authority, as could occur under a Shadow IT regime.
Non-IT executives need to consider the impacts of Shadow IT, unless of course, they are not planning to be around long enough to find out!