Can you recognise the business risks of Shadow IT ?
Shadow IT in the organisation is the phenomenon whereby business technology decisions are made without the knowledge, involvement or review by the organisation’s prevailing governance processes or IT department. This can result in increasing the business risks of shadow IT
This is especially relevant in the enthusiasm for the adoption of the latest emerging technology to fill a localised need within the organisation. A misguided technology evangelist could convince business leaders to adopt a particular technology that may end up increasing the business risk.
By definition, Shadow IT is under the radar of enterprise governance and as such presents a systemic risk to the organisation – something that should be, but is often not, raising alarm bells in organisations concerned about data protection, governance and risk.
Back in 2013, a Symantec survey covering some 3,236 organizations in 29 countries noted that three-quarters of all organizations surveyed had put business sensitive information into the cloud without appropriate oversight. Since then, nothing has changed, with Shadow IT new becoming the norm in organisations, whether they acknowledge it or not. In 2015, a survey conducted by Brocade suggested that 83 percent of CIOs surveyed believe that the prevalence of Shadow IT will increase.
The fact is that given the increase uncertainty and volatility facing many organisations, whether public, private or government, tends to drives technology decision making which is increasingly focussed on the short term.
Expediency in meeting short term targets is no guarantee of long term success.
One of the contributing factors fuelling Shadow IT is that individuals within the organisations just cannot afford to wait for their IT departments to deliver the solutions and technologies that they need at that point in time.
Non-IT executives need to consider the business risks of Shadow IT, unless of course, they are not planning to be around long enough to find out!