Shining Light on Shadow IT


Shadow IT is sliding organizations back into IT financial and contractual chaos and has the potential to slow the organization’s productive use of new strategies. IT was undoubtedly slow to move at the cloud’s pace at first, but after six years, that should not be the case. Confusion is also not a natural consequence of the organization using resources outside of their own data center. After all, many “cloud” options are not new and have had a role (albeit smaller) in organizational IT for years. Why then is shadow IT so prevalent?

Shadow IT comes from end user departments working directly with external providers of IT services without going through internal processes or coordinating with the internal IT. CIOs may not be informed and not know the full portfolio of IT in use.  According to a recent Cisco study of large enterprises, there are 15 to 22 times more cloud applications running in the workplace than have been authorized by the IT department. That means that where the CIOs of these large enterprises thought there were on average 51 cloud applications in their environments, there was an average of 730! Just as it was before adopting IT Asset Management best practices, the organization has once again fractured into pockets of information about IT spend and risk. And, lest you underestimate the issue, shadow IT is not limited to Software as a Service (SaaS) and includes Infrastructure as a Service (IaaS) as well.

The shift to direct consumption of external IT services that is shadow IT comes as no surprise. For instance, Gartner predicted in 2012 that the Chief Marketing Officer will be spending more on IT than the CIO by 2017. Even with warnings such as this, the organizational view into the business management of these critical resources has been a lower priority behind the technical aspects of integration, security and the ongoing transformation into a hybrid cloud user. Another factor limiting attention to business management was the soaring expectations for immediate lower costs, reducing support for centralized management. Now, as this becomes business as usual and the cost expectations have readjusted, it is time (or overdue) that the business management of information technology becomes rigorous again.

The IT Asset Management program is an essential component to the steps necessary to close this information gap because these IT solutions still have contractual, financial and inventory elements to be managed. Certainly, cloud asset management will not be easy.  It can be confusing to figure out where the responsibility for software begins and ends within the cloud. Software accessed on another organization’s hardware does not imply removal of responsibility from your organization. Changing payment strategies to subscriptions does not mean that the usage requires no management.

Securing the organization is now more difficult than ever, requiring diligent inventory asset-centric information and reporting to support and audit security architectures. Overall, governance has become degrees harder and requires the same ITAM foundation on the expanded digital usage of the organization.

If you are interpreting the Software Asset Management role narrowed to the software installed and the responsibility of the organization, you are failing at your responsibilities.

It is difficult to predict the exact configuration of the internal management of information technology moving forward.  Will the CIO become a cloud broker?  Will the CMO become the principle force behind IT?  Will there be another player, the Chief Data Officer (CDO)?

About the Author

The International Association of IT Asset Managers (IAITAM) is the largest organization providing education, certification and thought leadership to the management of IT as a business. IT Asset Management is the management of hardware, software, mobile and other technology to maximize the value to the organization.