Do you know or can you guess the show depicted in this picture? I’ll give you a couple hints: In addition to being related to the title of this post, it originally was a 1930’s radio show with the opening line of: “Who knows what evil lurks in the hearts of men…”. Don’t know yet? How about this: it was turned into a movie in 1994 starring Alec Baldwin…which has the dubious honor of being one of the worst comic-book movies made. Don’t worry if you didn’t get it…its pretty obscure: The Shadow.
After this topic came to mind, I am amazed that I haven’t written about it earlier. I believe it is one of the biggest “elephants in the data center”…or, more precisely, an elephant outside the data center. Do you know what Shadow IT is? Not sure, here’s a hint: does your company have one of those “under the radar” applications? In the “old days”, these were commonly Microsoft Access databases that someone turned into an application. In recent days, its some cloud-based app that was somehow procured without much knowledge of the official IT organization.
While cloud apps/servers may be the latest incarnation, shadow IT has been around forever. It’s when a department gets fed up with the IT organization and takes matters into its own hands. This happens when the IT department doesn’t take enough interest to learn about a certain part of the business…and isn’t responsive to the business’ needs (spoiler: this is the key part). The result is that somehow, money is spent on technology to address the business’ needs but isn’t folded into the main technology infrastructure…and often times isn’t fully supported by IT. That’s shadow IT.
In the past, most people perceived it was just a turf battle for control or money. Now days, however, shadow IT could be a major security risk (at worst) or the main driver of innovation (at best)….or both (ugh). Much of the shadow IT gets its start from the lack of speed and agility of the IT organization. Why wait days or sometimes weeks to get a new server when you can go onto Amazon Web Services and fire up a server in a few minutes? ….that’s the “gateway drug”, so to speak. When non-IT people get a sense of how easy it is, the flood-gates could open and no one looks back to the official IT group again.
While this may seem somewhat extreme, it’s a real concern. Just recently, Gigaom Research has raised the issue that new cloud solutions – if left unchecked – could be a major security risk for the organization. Fortunately, anyone who is motivated to address it can get help from related articles. In one from Computerworld, another elephant in the room is called out that a mindset change is needed in IT organizations that they need to expand their perimeters and acknowledge that there are corporate assets out in the cloud.
Really, I do believe it is a mind-set change that gets a handle on shadow IT…and a denial mindset ignores it until a disaster happens. This is evidenced by the fact that many CIO’s struggle to keep pace with innovations and are sometimes focused on only “keeping the lights on”. For that, I say that IT organizations need to start off-loading their grunt work (e.g., network, data centers, backups, etc…) to the cloud to free their staff up for more attention on the business…after all, who pays for the IT organization to be there? Revenue from the business, right? Ok, then…get out there and find out why you have shadow IT and what you can do to learn the business to bring it into the fold of legitimate IT. Otherwise, you’re just setting yourself up for some major security breach….unless you’ve already had one and just don’t know it (but that’s for another blog post).