How company leaders should address Shadow IT growth

May 9, 2016

As the cloud continues to be more accessible, reliable and scalable, Shadow IT will only grow.

Chief information officers (CIO) are at a crossroads. The cloud solutions are steadily replacing traditional, centralized information technology (IT) structures that served companies well for decades. This is an overwhelmingly positive direction, providing flexibility and scalability for organizations at all levels, shapes and sizes serving regional to global markets.

However, cloud technology has also given rise to individualized applications that create a pervasive, unyielding and seemingly unrelenting "Shadow IT" environment where systems and solutions are built and used inside organizations without explicit organizational approval. This process circumvents company leadership, and CIOs must decide on where their focus should lie — and whether they should construct roadblocks or throughways for the somewhat inevitable Shadow IT.

As the cloud continues to be more accessible, reliable and scalable, Shadow IT will only grow. notes, "Cisco determined that the typical firm has on the order of 15 to 22 times more cloud applications running in the workplace than have been authorized by the IT department." Additionally, a recent Global CIO survey by Brocade found that 83 percent of CIOs believe "procurement of cloud services without IT engagement will increase."

Moving into the future, it will be difficult to contain or even restrain the expansion of Shadow IT and its impact on day-to-day life for users. Productivity and decision-making tools accessible from a personal device can ease corporate and personal lives significantly. As the the workforce is firmly settling into an age of digital independence, the consumerization of IT in the work and personal life has substantive ramifications.

The question is what to do about it? Should it be embraced or resisted? CIOs will do their best to acknowledge the issue, understand why it takes place without their input, and decide how to create or support a more open environment that can drive users back into the structure rather than fleeing from it.

Let freedom ring (to an extent)

Although it may seem overwhelming or even counter-intuitive at this juncture, the primary goal is for CIOs to promote more freedom within the organization while still improving transparency of unauthorized IT used by employees. Maintaining a level of control is important, yet CIOs introduce other risks by holding employees back and resisting the bring-your-own-device, bring-your-own-application, bring-your-own-solution era. They stand to lose talented employees, productivity and responsiveness in a marketplace that moves incredibly fast, rewarding those moving into and out of markets with little to no constraints.

In order to loosen the boundaries of their environments, CIOs need to develop processes to address financial controls and monitoring tools. While both will possibly perpetuate the negative stereotype of draconian oversight, the reality is that some kind of procedure is necessary to mitigate the company’s risk.

Intel approached the issue by essentially taking on the role of an expanded vendor marketplace. "Intel is directing the company’s sourcing team to strike enterprise agreements with vendors for roughly 1,800 of the 2,000 unsanctioned cloud applications employees are using at work," according to a June 2015 post on CIO Journal, a Wall Street Journal blog.1 "The idea is to transition employees from using the consumer-oriented versions of the apps to versions that include enhanced security features."

Keep it safe

Pervasive Shadow IT amps up risk on two fronts: security and duplication. Every unsanctioned application can introduce new and perhaps undetected threats into the system. At the same time, free roaming app selection usually translates into considerable waste because employees in different business lines purchase similar services for common processes such as storage and collaboration. Additionally, data safety in an open technology environment is an even greater concern.

CIOs must manage the environment so that employees can access technology when they need it — without sacrificing reasonable protections for the enterprise. Tomorrow’s CIO needs to focus on device, data, operations and security to ensure that breakdowns are minimized. The traditional security mindset will likely come up short in this arena.

Threats can cause significant problems in a short window because the bureaucratic procedures designed for yesterday’s era bog down the response and increase the likelihood that a minor breach will spread. Success may be defined by the organization’s ability to identify a threat, isolate it, mitigate it and move on.

Less bureaucracy, more transparency

CIOs should approach access to applications, funding and security with the understanding that ultimately to do away with Shadow IT they must embrace it.

If reasonable stage gate processes for requirements review, technology selection and governance can be established, it will encourage participation in a controlled environment. This stands in stark contrast to the heavy handed, bureaucratic and lengthy/complex processes that do more to help Shadow IT grow than to curb it.

In the end, policies and procedures help everyone balance freedom with isolation and protectionism. They cannot ignore the fact that it is a dangerous world, but they must adapt or unwillingly give way to those who will. The CIO of tomorrow will want to design, develop and deploy an open IT delivery model that actually encourages the use of tools and technologies with appropriate safeguards and limiters to exposure. They can then create an environment of collaboration, transparency and unification — a common goal for organizational success in today’s fluid markets.


  • "Intel CIO Finds Business Value in Shadow IT," Clint Boulton,, June 5, 2015.

Senior Vice President of Cloud Solutions Jim Cole is the co-founder of Hitachi Consulting’s Outsourcing Services practice, guiding the firm through its planning, launch, expansion and acquisition activities as part of the company’s global strategy. He has more than 26 years of experience in outsourcing, executive management and strategic consulting with significant sales expertise.

Sponsored Recommendations

2024 Manufacturing Trends — Unpacking AI, Workforce, and Cybersecurity

The world of manufacturing is changing, and Generative AI is one of the many change agents. The 2024 State of Smart Manufacturing Report takes a deep dive into how Generative ...

State of Smart Manufacturing Report Series

The world of manufacturing is changing, and Generative AI is one of the many change agents. The 2024 State of Smart Manufacturing Report takes a deep dive into how Generative ...

Trying to Keep Pace with Supply Chain Disruption?

CPG manufacturers are struggling to keep up with supply chain disruptions. Learn how to build more resilient operations –and reduce demand shock.

Mitigating Cybersecurity Threats – Step-by-Step

Distributor Wesco adds services focused on identifying and solving OT network and security vulnerabilities in critical manufacturing.