Does shadow IT lurk in your company?

Business divisions are bypassing the IT department, making their own decisions to buy cloud-based application services or use mobile devices, raising the specter of so-called "shadow IT" that's outside the knowledge or control of the CIO and the IT staff.

"The data is suddenly not in the organization anymore," says Chris Curran, principal for technology strategy and innovation at the PricewaterhouseCoopers (PwC) consultancy, about the aftershock that can come when IT finds out that business managers found it quite simple to pay for sophisticated kinds of cloud-based applications for sales and customer relationship management without telling IT.

In the old days, such actions -- usually about rogue wireless LANs or websites that business units set up -- would have been considered serious negative behavior that warranted a "play by the rules" lecture at the very least. But today, Curran says, the CIO and the IT staff are in a very different spot than they were in 10 years ago, and they have to take a hard look at why shadow IT is happening -- and it may be for a valid reason.

Based on its own analysis, including the "Raising Your Digital IQ" survey of 500 U.S. companies with annual revenues of about $500 million, PwC estimates that somewhere between 15% up to 30% of IT spending now occurs outside the standard consolidated budget of the IT department. Sometimes it's wholly unknown to IT staff and sometimes it's not, though IT isn't exactly consulted.

Cloud services buying, in particular, is today a major factor in spending outside "the processes and procurement practices of IT," says Curran. Complications ensue when the business managers, after their shadow IT decisions for cloud services, later go to the IT department with demands to integrate enterprise data with what has become cloud-based data in order to do analytics or for other purposes.

Curran argues that this shadow IT issue is only going to grow for the enterprise IT department. The business unit may have made a decision to go around IT because they consider it too slow, or managing a CRM application they don't feel is optimum anymore for the business. Other services, like file-sharing services the IT department finds out business people are using, are likely to cause concern about security or compliance, too. But the CIO has to strive to "partner with the CFO to get visibility into this type of expenditure," says Curran.

"Someone needs to have the enterprise view." In the end, the IT department may have to adopt to a changing role, he notes.

Andrzej Kawalec, global chief technology officer of Enterprise Security Services at HP, agrees shadow IT is a significant issue, though he doesn't think it's necessarily as pervasive as PwC sees it. But he does agree, "It's one of the biggest challenges to IT."

He says business units often make these direct IT buying decisions out of a sense they have to move fast to reach new channels or markets. "This is often based on a clear business mandate and logic." But there are often "hidden costs" in managing data after a shadow IT project has occurred, he points out.

Resources become more and more fragmented and spread out or "misaligned." One top concern in shadow IT will certainly be security and compliance of data.