What Should CIOs Do About Their Shadow IT Department?

Within your IT department lurks a shadow IT department
Within your IT department lurks a shadow IT department
Image Credit: Domi

As the CIO of your company’s IT department, you’d like to think that you know what’s going on in your departmentbecause of the importance of information technology. I mean, you control the budget for your department and everyone in the department works for you so it makes sense that if you don’t fund it, then it’s not going to happen. Problem solved, right? Not exactly. In today’s hyper connected world, people in your IT department are probably doing things that you don’t know anything about. You’ve got a shadow IT department problem!

What Cisco Found Out

The hardware equipment vendor Cisco is always looking for ways to sell more of their gear. They recently used their equipment that corporations had already installed as a part of their corporate network to conduct a study. What Cisco wanted to know was just how many cloud-based services employees were actually making use of. Yes of course, many firms have elected to use a variety of cloud based services for tasks such as submitting expense reports and conducting annual performance reviews. However, Cisco had a hunch that even more services were being used.

I guess that perhaps we should stop for just a moment and make sure that we all agree on just what constitutes a cloud-based service that IT department employees could be accessing. In addition to company approved online expense report filing tools, employees may be making use of Web based word processing programs (Google Docs), Web based email (Gmail, Yahoo, etc.), social networks such as Facebook, Instagram, and Twitter, music and entertainment sites such as Pandora, YouTube and even NetFlix. Additionally, file storage sites such as Dropbox may being used.

As you may have already guessed, what Cisco discovered will probably come as a surprise to many people in the CIO position. When CIOs were asked to estimate how many cloud services their IT departments were currently using, they guessed at a number around 91. Cisco then went ahead and activated monitoring software that ran on the Cisco gear that firms had installed as a part of their network. What these monitoring tools revealed was that on average, the number of cloud based services that the average IT department was accessing was more like 1,120. Clearly there is a disconnect between what the CIO thinks is going on and what is really going on.

Why You Have A Shadow IT Department

As the person with the CIO job, you might rightly ask “what is going on here?” You thought that people would only be accessing the cloud services that you had authorized the IT department to use, but clearly the natives have run amok. One of the key things that you’ve overlooked is the simple fact that today it’s very, very easy to access cloud services. There are many of them out there and all they really require a user to do is to sign up and then they can sign in and start to use the service.

A good case in point would be one of your developers. We’ll assume that they are under pressure to get a project done. When they decide that they need an additional server in order to complete their project they have a couple of choices. They can take the by-the-book company route and submit a request, wait for it to get reviewed, funded, and authorized. They can be looking at a delay up to as much as a week before they’ll have their new hardware. Alternatively, they can get out their corporate credit card, contact Amazon’s cloud services division, and have a new server set up and properly configured for them in less than 30 minutes. Which route would you go?

As the CIO you need to understand that your workers are going to be gravitating to the lowest resistance way of completing tasks. As various cloud-based services start to occupy more and more of their time when they are away from work, it only makes sense that while they are at work they access these services also. What most IT departments are missing are clearly stated rules regarding what cloud-based services are appropriate for use in the workplace. You need to huddle with the members of your department and come to an agreement on what should be permitted and what should be blocked sooner rather than later.

What All Of This Means For You

CIOs would like to believe that they are on top of just about everything that is going on in their IT departments. However, it turns out that there is a massive thing called a “shadow IT department” that has been operating in all of our IT department under our very noses.

The shadow IT department consists of all of your IT workers who are using their workplace IT resources to access cloud based services that you may not even be aware of. From word processing to surveys to entertainment, the number of such services seems to be growing every day. As the CIO you need to be aware of just how big of an issue this is at your firm and then you need to take action. You need to meet with your staff and discover which services they can’t live without and which ones might pose a security threat to the firm.

Knowing that there is an issue is the first step for a CIO. You need to understand that the cloud-based services that are being used are helping your company to get work done and move forward. However, you need to be aware of what services are being used and you need to make sure that their use is not opening the firm up to attack from the outside.

– Dr. Jim Anderson
Blue Elephant Consulting –
Your Source For Real World IT Department Leadership Skills™

Question For You: Who in your company is in the best position to make decisions on what cloud-based services your people should and should not be using?

Click here to get automatic updates when The Accidental Successful CIO Blog is updated.

P.S.: Free subscriptions to The Accidental Successful CIO Newsletter are now available. Learn what you need to know to do the job. Subscribe now: Click Here!

What We’ll Be Talking About Next Time

As the person with the CIO job, it’s your job to understand the importance of information technology and keep the company’s networks secure. We invest a great deal time, effort, and cash into buying and configuring devices to accomplish this. We also pay for a great deal of training of our staff on what they should and should not do. However, it turns out that we still have a significant threat to our network: every person who uses it.