Shadow IT happens when other departments feel like IT isn't moving fast enough for them or IT security has become too restrictive AND they have access to their own budgets to procure the items needed to accomplish their IT needs.

Shadow IT can also happen when IT does not understand the customer requirements. One of the commonly overlooked pitfalls of Shadow IT is the lack of lifecycle maintenance. One example I had from a few years ago (2016). We had one department come to IT and ask for a new computer as their old computer had died and they needed a replacement. The IT shop did not have anything in their database showing they had any equipment in that particular shop. so they went down there and found a computer that was running WINDOWS MILLENIUM EDITION (ME) in 2016!!!!!! The only purpose of this computer was to print labels for pipes. The shop had purchased it 17 years ago and IT didn't even know it existed. It was not being maintained, secured or anything. No one knew about it so no one though to include it in a lifecycle refresh plan. The software wouldn't run on a Windows 10 machine. And to top it off they were mad at the IT shop for not being able to come in and replace it right away. Keep in mind this was government so procurements are regulated and not something that can always be done in a hurry. We eventually found out from the company that we could pay to have some new printer software shipped for about $1000 that would run on Windows 10.

I told my guys to go through the entire 11 acre industrial plant and find every computer that was there in every building and document it. I left the job before the task was complete but at the 50% mark we had found over 100 computers that:

1) The IT shop didn't know anything about,

2) The were not being updated,

3) They were out of security compliance,

4) They may or may not have had any AV products or security software on them

5) They were not on any lifecycle replacement plan

6) No one was responsible for watching/maintaining them.

So you see there are a lot of ways Shadow IT can come into an organization and there are a lot of problems that can develop. Luckily we were an industrial plant so we did not have a lot of network access that the Shadow IT could connect to the main network, but as we began modernizing the plant it became more of a risk. We also discovered several rogue networks with access to the Internet which was problematic for industrial security secrets.

---

@iluom wrote:

 

Does Shadow IT a positive sign?

 

What does it mean by the rapid growth of shadow IT ? 

 

I suppose IT departments in organizations are not able to pickup the pace to embrace digitization to support staff and employees. It has become a common phenomena in all types and sizes of organizations.

 

it's being a commonplace to use opensource and SaaS application at work without ITs approval

somehow they are helping to increase the productivity, but there are risks as well.

 

 

 

 

---

Shadow IT is not a positive sign. It is a sign that things are not working in your organization. It is a sign that either IT is not communicating well with the organization (could be either party, IT or the business) or that IT is not able to meet the customer requirements of the business.

Rapid growth of Shadow IT means that IT cannot meet the business needs therefore the business units are turning to other means of getting it done. It also could reflect bad IT procurement policies, bad security policies (no security policy, poor security policy. too restrictive security policy, etc.), poor understanding of customer requirements, poor budget management policies (i.e. each department has their own budget and lacks IT controls/oversight over what they can purchase), poor IT security posture or poor IT security relationships, or several other things.

---

@iluom wrote:

 

I suppose IT departments in organizations are not able to pickup the pace to embrace digitization to support staff and employees. It has become a common phenomena in all types and sizes of organizations.

 

---

Or it may just mean that people just chase the latest fads and tools. A few things done well is a much better than a mish mash of resources that no one can keep track of, but it is too easy for someone to see some app that makes life "so easy" for them that they insist everyone else has to use. Here's a simple case in point: Venmo. People seem to be flocking to the thing and what's its selling point over Paypal or (heaven forbid) sending a check? It's integration with social media. Yes, by all means, announce to the world the bill you just split. I can sincerely say that 90 percent of the "technology" that comes across my desk each day is pure crap. That doesn't stop the lemmings from buying it, downloading, using it, and getting bitten by it.

I started working for an organization that actually had split their IT functions due to Shadow IT.  It stated with the IT folks not being responsive enough to the needs of the development teams.  As this happened a Shadow IT department sprung up and finally became recognized as an official IT supplier.  So there were two sets of Computer Operations folks, development teams, support people and networking folk.  Unfortunately, there were still a few shadow IT groups so there was no real Architecture or Strategy (long or short term).

After a few years, this came under review and found to be "unhealthy" to the organization due to duplication of systems, people, multiple computer rooms, etc.  At this point, it was decided to merge the groups into one (fortunately no jobs were lost) and the coming together proved beneficial to the organization.  

So yes Shadow IT does happen, sometimes for the good of the department and sometimes to the detriment of the organization.  

Folks in IT are concerned with keeping the organization functioning and secure (payroll, ordering, customer service) while departments want the latest tech (ipads, smart phones, surfaces) and the latest apps (Docusign, skype for business, etc.).  Sometimes the two are at odds as IT doesn't have time but the department has one or two techies who are more than fill the empty slot and bring in tech that IT must now scramble to support.

Shadow IT is now bad when done correctly.

Just my nickel Canadian.

Diana