No-code Casting Light on Shadow IT
Having previously analyzed how no-code platforms can help organizations pay down technical debt, we thought it would serve well to spend some time on a particular cause of technical debt and the potential remedies for it: Shadow IT. Let’s take a deep dive into this concept, laying out its causes, associated risks and the way to tackle it.
1 - What is shadow IT?
Shadow IT refers to any software, application or device used without the control and approval of the in-house IT department. It is a source of constant concern for organizations, and lack of a strategy on how to contain it could result in data security issues and waste of resources at later stages.
2 - What causes shadow IT?
Shadow IT is a result of real needs: It was always there since the moment employees started using software programs and apps without the sanction of the IT departments. Its accelerated growth recently, however, stems from a few changes that have been in place in the last few years:
The need on the part of employees to increase productivity and efficiency: In an increasingly competitive work environment, employees feel the need to tap into the capabilities of apps and various tools for productivity gains and agility. Think about all the apps we use daily: Messaging tools like Slack or online data storage platforms such as Dropbox or apps like Calendly that we use to organize our day. Nobody is asking for the IT department’s blessing before starting to use them and this creates a lot of risks for an organization. Bring-your-own-device (BYOD) practices, which aim to make employees more comfortable by allowing them to keep working on their personal devices, can be another source of shadow IT. The IT department has no way of containing the risks caused by such practices simply because it isn’t aware of what’s going on. Nevertheless, as these examples illustrate, the concept of shadow IT, despite sounding quite sinister, is most of the time a result of well-intentioned actions. Nobody is using these tools to undermine the organizations they are working for; these are just means to make professional life a little bit easier. The resultant risks have to be managed, though.
The incapability of the IT department to satisfy the demand for its services: A recent survey done by Tonkean gives us a clear picture of the challenge IT departments are facing: Almost a quarter of the employees responding to the survey expressed their dissatisfaction with the current technology stack at their disposal and nearly half of them complained about not having much access to IT/engineering, with around one-fifth claiming to have no access at all.
According to the Tonkean survey, 82 percent of the IT staff think that their organization is using too many apps, implying that they don’t agree with the way things are going with respect to shadow IT. In a situation where non-IT personnel feel underserved and IT can not or is not willing to satisfy the demand, something’s gotta give. People simply take matters into their own hands and let IT deal with the consequences.
Business units rising to the occasion and starting to call the shots: With digital transformation gaining pace, IT departments proved incapable of conducting day-to-day tasks and leading the digital transformation effort at the same time. As a result, individual business units have in the last few years come to make purchasing decisions on their own. IT departments are no longer the sole decision-makers on IT-related issues, which has to bring about a change in the way these departments operate.
3 - What are the risks associated with shadow IT?
Data security issues: File sharing and data storage apps not only increase shadow IT but also are particularly vulnerable to data leaks. The apps you use at work and any personal device deployed for work purposes outside the supervision of the IT department compound the risk of data leaks and breaches, two of the nightmare scenarios for any organization. Having no knowledge of the apps and software programs being used in an organization, the IT department cannot ensure that they are up-to-date and necessary security patches are installed. This increases the likelihood of a data breach and the price of such an incident is always substantial in terms of financial losses, reputational damage incurred and legal consequences that might arise. IBM calculates the average cost of a single data breach at $3.86 million.
Undermining of collaboration: Different apps, tools and output formats may stifle collaboration among different teams. Aggregating and interpreting data from different work stations can turn into a real hassle, causing unnecessary waste of time and effort.
Inefficient use of resources: Everest Group has found out that shadow IT makes up 50 percent or more of IT spending. Not all of this amount is money well-spent, though: Shadow IT entails employees using different tools for the same tasks, which bring about duplicate spending. Moreover, many software licenses are purchased and forgotten, never to be used again.
4 - What needs to be done to tackle shadow IT?
Shadow IT cannot be eliminated completely. Because it results from real needs of employees, its complete elimination, even if it were possible, would mean depriving employees of tools that keep them productive and make them feel empowered and motivated. Total IT control over the technology stack of a company is no longer a realistic goal. IT departments should assume more of a consultant or supervisor role setting guidelines, establishing guardrails and overseeing the implementation of a holistic strategy. Their aim should be to try and mitigate the risks associated with shadow IT while offering the employees safe platforms where they can develop their own solutions for problems.
Low-code and no-code platforms fit the bill for a wide range of use cases here. Coming with built-in industry-best security practices and enabling safe integrations, these platforms can help eliminate risks associated with shadow IT. Once an audit of the app inventory at an organization is conducted, the next step should be purging redundant and compromised apps. A no-code platform handpicked by the IT department can then be used to create apps that can replace the purged ones. The resultant technology stack will be leaner, much more secure and cohesive while still prioritizing employee empowerment and productivity. What’s there not to like?