It looks like you have JavaScript disabled. Some parts of the site might not work properly or look right. Please consider enabling JavaScript for this site.
If you don't know how to enable JavaScript, click here.


All news

Doing it yourself - the realities of Shadow IT

Read More

Everyone knows the official way to get things done in IT - contact the helpdesk, file a development request, make a business case. That's the way it's meant to be done, so why isn't that the end of it?

Deadlines, objectives and reality get in the way unfortunately. Telling your boss that you can't do what you need to because you're held up by the IT department won't cut much ice - "find another way and get on with it" might be the response.

Contrary to popular belief, the IT department aren't disinterested and unhelpful (well not always anyway!) - they have their own procedures to follow, and with many companies tightening their budgets, your project is probably a long way down the list. "We might be able to fit it in next financial year as long as nothing urgent comes in" is a common response. With a good business case and persistent chasing you might get the go ahead, but for many people it's easier to go round the problem than go through it.

For £5 a month you can rent a share of a data centre-hosted web server with a database and it will be ready to use a few minutes after you order it, allowing you to serve hundreds or thousands of users. Maybe you or someone else in the team did some programming at University or outside work. You also have Microsoft Access installed on your PC, and you've seen formulas and macros used in Excel. All you need is some time and maybe the odd expenses claim, and you can get the whole thing setup in less time than it takes to fill in the "development request" form, let alone navigate the whole process. It's appealing, and your boss won't care, in fact you'll probably get a promotion after having solved the admin problems that have been plaguing a team of 30.

I've seen this happen dozens of times and totally understand why people do it. The IT department can't sleep for worrying about it and send alarmist emails about data protection, backups, information security, unsupported systems and make sure everyone knows that they want nothing to do with it. In the meantime the business benefits from the project and it continues until the requirement ends or IT are persuaded to adopt and support it, in exchange for promises not to repeat the exercise.

This whole process of doing IT without the support of the IT department is called Shadow IT. While I admit to having a soft spot for the people that set these systems up, I have also dealt with them from the IT department side and am aware of the huge number of risks that they introduce. Some IT managers try to introduce ever tighter security to stop it, or threaten disciplinary action against the people that are involved - this is missing the point. When dealing with Shadow IT I would recommend open communication with the people involved and guidance to minimise the long term risk. To summarise:

IT Departments

  • Make your development and support requests simple and easy to use - speak to your users rather than hiding behind forms designed to put them off requesting work.
  • Provide development guidance for in-house applications. This will make future migration easier.
  • Provide internal hosting at minimal / no charge using technologies that you have approved.
  • Maintain a log of Shadow IT apps and work out how they might be migrated in the long term.
  • Use the presence of Shadow IT apps as an indicator of failure in your "strategic" apps. If the strategic app was working well, why would people be building their own replacements? Use this to inform your strategic road map.
Prospective Shadow IT Developers
  • Use technologies that you know the business already uses - it will make it easier to get support.
  • Keep management and IT informed
  • Don't break data protection law - research it online.
  • Don't fall foul of any company policies regarding company data, especially if you are considering uploading any of it to the Internet. It could cost you your job.
  • Back up your whole project regularly (lots of information about this is freely available).
  • Make sure you thoroughly test your work before letting anyone use it.
  • Investigate security (again, lots of information about this is freely available).