Skip to main content Skip to Footer

Are you in the dark about Shadow IT?

Today it’s easier than ever for business units to bypass IT procurement to get the solutions and services they need. But this increasingly widespread practice comes with many risks, from hidden costs to compromised data security. Here’s what to do about it.

Overview

The good news about the era of cloud-based business solutions is that today it is easier than ever for business units or departments to get the functionality they need almost instantaneously—through a cloud provider, such as Amazon Web Services, Google Cloud Platform or Microsoft Azure, or from a SaaS provider, such as Salesforce.com, Workday or NetSuite. Define a particular business or IT need, hand over a credit card number and presto! Your IT solution is up and running.

The bad news about the era of cloud-based business solutions is that today it is easier than ever for business units or departments to get the functionality they need almost instantaneously—without the experience or oversight of a centralized IT procurement department.

It’s called “Shadow IT”—technology solutions lurking around an organization and hidden away somewhere, perhaps in a marketing budget. Is this prevalent in the business world today? Yes. Consider a December 2013 survey by cloud IT operations specialist 2nd Watch, in which 93 percent of business units said they are leveraging the cloud for services they need to conduct business—and 61 percent reported bypassing the IT function completely to do so.

When we ask clients how much Shadow IT spending occurs throughout the company, they usually don’t know. They are certain, however, that what they do see of Shadow IT is only the tip of the proverbial iceberg. In fact, we conservatively estimate that a typical large company has hundreds of unregulated cloud, SaaS and other solutions in use—perhaps 10 times that of its known cloud usage.

Why all the activity in the shadows? Business units that go off on their own with a cloud solution are not trying to be subversive; they just don’t want to wait. Companies are bumping up against the issue of IT departments that were designed for an earlier era of computing, an era based on long waits before requests were finally implemented. In many cases, IT departments simply are not structured for the speed of business today. At the same time, demands on IT resources are increasing each year even as budgets remain flat. The result: Shadow IT.

Although nimble, cloud-based solutions are good, and the intentions of Shadow IT users might not be bad, the consequences certainly could be ugly if IT procurement is bypassed. And we’re not talking about merely paying higher prices for services. Anyone running a departmental cloud-based solution must be certain that the department is in compliance with company policies regarding intellectual property protection as well as country-specific regulations about data privacy.

Why does IT compliance matter? A big reason is it helps ensure that a company’s data is protected. The Heartbleed Open SSL bug is a recent example of a major security vulnerability that may have affected hundreds of thousands of websites, potentially giving hackers access to login credentials and other data. When a threat such as Heartbleed strikes, the IT organization must determine the company’s risk. The existence of Shadow IT is one reason why accounting for all systems is next to impossible.

shadow it hiding in plain sight

Between easy access to software-as-a-service and the growing popularity of bringing personal devices to work, it’s imperative for IT procurement to be seen not as a hurdle but as a partner to the business. Here are five ways to make that happen:

Be an educator, not an enforcer. The point is not to “catch” policy offenders but rather to educate the organization about a range of considerations. Emphasize the positive. For example, explain the potential for the business to leverage economies of scale, which would reduce the overall cost of the IT solution. Share with employees what they should know about the service-level agreements and legal language they will encounter when they are making their own purchases. This kind of positive educational experience has a greater possibility of cascading throughout the organization than bludgeoning the business with reminders of compliance.

Communicate about preferred suppliers. Proactively sharing information with the organization about preferred suppliers empowers individual business units to purchase certain technology solutions directly from prequalified companies while leveraging pre-negotiated prices. Even as you share preferred options with the business, keep the door open for exceptions: Let people know that if they are considering a solution not on the preferred supplier list, they should talk to you first so you can advise them on their upcoming purchase.

Help the business get out ahead. Another advantage of a preferred supplier list is that you can leverage it to help the organization implement newer technologies. 

For example, many parts of the business want to develop mobile apps. You can accelerate the pace by establishing strong relationships with mobile suppliers—and then adding those vendors to the preferred supplier list. You support the business as it embraces innovative technology while saving the company money.

Demonstrate the value you add. IT procurement doesn’t have to be perceived merely as a gatekeeper. How are you helping the enterprise use IT to meet business goals? Consider a major technology purchase, such as laptops for an entire department. Rather than merely negotiate prices, IT procurement can provide guidance on numerous purchasing decisions—standard warranty agreements, for instance, and even hardware specifications—based on client need and company use.

Compete on easy. One of the reasons Shadow IT exists is vendors make it very easy to get business services on demand. So IT needs to be easy too. Share the preferred supplier information with the company but, as mentioned above, also be willing to discuss exceptions. Ensure a business unit is in accord with policies and with best practices in pricing, but also encourage employees to reach out to IT when it comes to procuring nimble solutions. Ultimately, the goal is to have the organization consider IT procurement a trusted resource that can help achieve business objectives quickly and innovatively, while saving money and protecting the company from risk.

About the Authors

Ryan Shadle is the North American IT-Telecom lead for Accenture Operations Procurement BPO. He is based in Philadelphia.

Brian Turley is the global IT-Telecom global lead for Accenture Operations Procurement BPO. He is based in Philadelphia.