Shadow IT and the Allegory of the Cave
by Chris Nielsen, Sr. Director of IT at Axon
I think we can all agree that the separation between IT (information technology) and business is rapidly narrowing to the point that technology is not just the enabler, but also the driver of new business processes and strategies across virtually all parts of any organization. At the same time, individuals within these organizations are becoming increasingly technology competent and technology-dependent to do their jobs. You don't need to be at a technology company like Axon to see both of these trends. Add in the impetuous advancement of SaaS and cloud computing and you have all the right conditions for Shadow IT growth in your organization. That sounds like a problem, but is it really?
In many CIO and IT leadership circles, the topic of Shadow IT will quickly draw scorn. The label itself implies an underhanded and chaotic connotation, so the reaction is never entirely without some merit. Shadow IT is generally defined as computing hardware, software and services outside the ownership control of the IT department. It was originally coined under the power structures of the more traditional monolith IT organizations that were designed, with noble intentions, to control virtually all information technology software and infrastructure assets. Faith in this belief system about how IT exists and must be managed is akin to Plato’s infamous allegory of the cave.
In Plato’s fictitous cave, a set of prisoners spend their entire existence forced to look at nothing else but a wall in front of them. Directly behind them is a fire, and between this fire and the prisoners is a walkway of puppeteers which produce shadows in front of the prisoners of what is actually taking place directly behind them. Naturally, these prisoners grow up to assume the shadow images to be real rather than just shadows of the truth. In a very similar way, many veteran IT leaders have not yet fully considered that the Shadow IT on their cave wall is actually the result of their IT department's deficiencies and inability to keep up with the increasing technology needs of the organization. In reality, the days of the CIO and the IT department being able to successfully completely control and deliver on all things IT are gone. The demand for IT has simply outstripped the IT department's capacity to supply and Shadow IT has naturally resulted to solve this disequilibrium.
The Shadow IT starter kit is now just a credit card and a web browser. This means that anyone can circumvent your IT department to purchase low-cost subscription licenses or computing power to have a new application up and running in virtually no time at all. Additionally, the popularity of BYOD (bring your own device) has further provoked your increasingly tech-savvy employees to make their own technology decisions. But these factors present an opportunity to catalyze the entrepreneurial and technical talents that exist in your organization to bring the right opportunities to the forefront in addition to leveraging an extended IT capacity to execute on them. This strategy is one of guided empowerment rather than criminalization and the abominable “no.” Otherwise, attempting to simply eradicate Shadow IT can quickly become a self-defeating measure that will push your Shadow IT further into the shadows. For every application that you block, you are certain to find evidence of your employees finding other and potentially riskier alternatives to use in its place.
Plato, in his philosophical musing, offers an interesting plot twist in his cave allegory. What if one of the prisoners, having been forced to stare at the half-truth shadows for their entire lifetime, is then freed to turn and look back to see that these shadows were instead the result of something much more substantial and real? With this newly obtained enlightenment, how would this individual convince the other prisoners still staring at the mere shadows that there is profoundly more in which they are missing out on? Attempting to flip another's viewpoint of Shadow IT can be a similar challenge and there are no easy templates to actually transition your Shadow IT from a liability to an asset. However, consider the following pragmatic approaches that we've found success in at Axon as you contemplate your own strategy:
- Assess the extent of shadow IT in your enterprise. Need a place to start? Follow the money. Work with your accounting team to inventory your current company spend on computing and licenses. Also consider implementing monitoring on all incoming purchase order requests for new hardware/software/licenses to help you get in front of future needs.
- Establish clear horizontal and vertical categories for technologies and services. Data leaks and unsecured data flows are particularly major sources of anxiety for all IT leaders and organizations subject to strict regulatory compliance, like Axon. Shadow IT is not secure by default, so it is quickly at odds with necessary requirements when not clearly defined and monitored by IT. Your IT department should always maintain absolute domain over the horizontal functions and requirements which involve security, connectivity, core systems, integrations and integrity of shared data. The vertical categories of more semi-autonomous line-of-business technologies and low enterprise risk can be more flexibly federated to your Shadow IT insofar as they adhere to the guardrails established by the horizontals.
- Grow and develop citizen developers. Arm interested company employees with the appropriate knowledge and tools to build their own applications, workflows and analytics/reports. There are probably many more IT-savvy people outside of your IT department than you may realize and so many low-code/no-code platforms are now available to make developers out of anyone capable of building a spreadsheet. Officially identify these individuals and then consider creating an internal certification program that supports them and provides a means for promoting their levels of access. Additionally, get IT involved in the testing process to ensure that these new apps/reports are ready for primetime.
- Conduct routine meetings with the mid-level leadership across departments. This is necessary to keep the Shadow IT extensions in sync with the IT department and better understand what each department’s needs are at the frontlines for partnered solution opportunities. In addition to this, you could establish a cross-department strike-team that focuses on prioritizing projects and efforts that intersect multiple functions for architectural coordination.
Axon was built on and continues to grow on the experimentation and innovation in all roles at all levels. Shadow IT, if embraced and managed appropriately, can be your accelerator for getting things done and stimulus for technology innovation. As intrepid IT leaders, we should empower the enterprising individuals inside our organizations to act on faster and better ways of doing business with technology, but also do so in a safe and sustainable way with sound security boundaries. This way the business gets the solutions they want quickly and IT gets the peace of mind it needs. Everybody wins. That’s the assured future of IT in virtually every organization and it can be your competitive advantage right now if you can free yourself from the conventional wisdom of managing IT.