Beware of shadows created by the cloud

Sabine Khalil, Propedia

As kids, we were all haunted by our shadows following us everywhere. Physics taught us that shadows are mostly present on sunny days, where they tend to hide from clouds. This rule, however, does not apply to today’s digital era. How can we explain the strong presence of shadow IT activities with the emergence of cloud services?

What is shadow IT?

Shadow IT activities refer to IT projects being managed by outside providers without the knowledge of the IT department. Having business units short-circuit their IT department to acquire a new service represents the core definition of shadow IT activities within a firm. In addition, as cloud technologies facilitate the provision of services for business units, firms are suffering from an increased number of shadow IT activities.

According to a survey conducted by NTT communications in 2016, 83% of the respondents perceive shadow IT activities to be increasing by 2018, where 87% of the participants were business oriented and 80% IT oriented. What is the harm in business employees adopting some cloud services without the consent of the IT department? Are IT employees aware of the different causes of shadow IT activities? Are business employees attentive to the various consequences to such activities? Would communication between these departments reduce the presence of shadow IT?

Root causes of shadow IT

Shadow IT activities have gained popularity with the emergence of new technologies such as cloud computing. The various benefits generated by cloud services (low costs, flexibility, easy access, ubiquity, etc.) have increased its adoption in firms, especially by business units. However, as adoption is increasing, shadow IT activities are also increasing. CipherCloud sheds light on the strong presence of shadow IT in large firms.

Their statistics show that 80% of business employees short-circuit their IT departments and buy unsanctioned Software-as-a-Service (software cloud services) from cloud service providers. For instance, when business employees feel unsatisfied by the services provided by their IT units, the easily accessible nature of cloud technologies enable them to acquire the needed services. This fulfills their needs, overriding the rigidity, control and inflexibility of traditional IT departments. Through the adoption of cloud services, businesses are found with the need to develop their IT skills allowing them hence, to feel independent of their IT departments.

Impact of shadow IT

Shadow IT activities lead to several negative consequences. For example, business employees are not always aware of the different national and supranational regulations and compliance laws, which threatens their firm. According to a report by SkyHigh Networks in 2015, only 7% of the adopted cloud services met the firm’s security, governance and compliance requirements. Thus, various security issues are generated by the presence of shadow IT activities.

In addition, Gartner predicted that by 2020, one third of attacks experienced by firms will target their shadow IT resources. Even if cloud technologies possess a long list of benefits, they also generate many threats for firms. One of the highest risks is security breaches facilitated by storing data in public clouds. These data are also prone to be lost. EMC affirmed a $1.7 trillion loss per year caused by data loss, confirming that businesses remain unprepared in the cloud era. In addition to these threats, excessive shadow IT activities cause disruptive controlled environments in a firm, in addition to some resource conflicts leading to a loss of synergies between the various departments.

However, if we see shadow IT from business units’ perspectives, we could claim that it has some important positive consequences. For starters, acquiring innovative services not only improves the firm’s innovation but its productivity as well. Business employees, then, deal with up-to-date solutions allowing them to be competitive in today’s fast-evolving market. Through saving employees’ time, they can hence focus on their main core businesses. This shows that if managed and governed correctly, shadow IT can have a positive impact on the firm. But, how should firms govern and manage their firms with the presence of shadow IT activities?

Solutions to shadow IT

Governance is one of the top concerns of every successful firm. When governed correctly and effectively, firms are prone to be competitive and successful. As seen earlier, shadow IT activities lead to various dangerous consequences, threatening the firm on many levels. Thus, in order to redirect these threats into positive consequences, firms need to raise awareness regarding the security, compliance and regulation issues caused by shadow IT activities.

The ConversationIn addition, better synergies, more frequent communication, and closer collaborations enable the strategic alignment of business and IT objectives. Through this alignment, the firm heads in one clear direction, transforming its obstacles into pillars. Shadow IT activities possess a high impact on the relationship between business and IT units. Thus, when dealt with carefully and governed effectively, this relationship pushes the firm forward.

Sabine Khalil, Assistant Professor in Management of Information Sytems, Propedia

La version originale de cet article a été publiée sur The Conversation.

%d blogueurs aiment cette page :