Shadow IT? Blame the IT department for lack of support for new ways of working

Monolithic applications and inflexible security policies driving business and ordinary staff to use third-party IT

"Shadow IT is the new way of doing IT," suggests Mark Crosbie, international head of trust and security at Dropbox, the popular cloud file hosting service. "It's the new way of provisioning fast, lightweight, agile solutions for people to collaborate and work," he adds.

Crosbie blames inflexible IT departments that have not fully appreciated the flexibilities that people need of their IT departments these days.

"At the end of the day, most people just want to do their job, so IT solutions that are hard to use or monolithic are causing them frustration. They're causing people to actually do extra work to satisfy what is, for them, [security] controls they don't really worry about.

"The other thing is the new way of working these days, where teams are coming together to collaborate on short-lived projects and then disbanding again. It's a very fluid way of working. So collaboration is the new business model, and people are looking for collaboration solutions.

"The traditional IT department model of fixed provisioning - 'this is the way the business is, so this is the way the IT solutions are' - won't work in this new world of loose, dynamic teams," he argues.

Crosbie was speaking during Computing's web seminar, 'Getting Around the Shadow IT Problem', which examined how IT departments ought to respond to the growing problem.

It featured the results of Computing's own study among end-user IT organisations, which found that the majority of IT departments struggle to get complete visibility into everything their users are using.

Computing's research found that 30 per cent of respondents could see everything that was connecting to their corporate network. "But the majority of respondents said that they could see most things, but that there are some grey areas. Eleven per cent admitted that there are areas that they don't know about," said Sooraj Shah, Computing group features editor, who was presenting the results of the research.

He added: "One-tenth said that they are pretty sure that there are all sorts of things that users are adopting that IT is not aware of. Just one per cent said 'definitely not'."

Andy Boura, senior information architect at Thomson Reuters, suggested that the level of visibility into the use of shadow IT would depend on the resources that organisations put into it.

"The visibility will vary depending on the parts of the organisation you're looking at, functions and things like that. It's a real challenge that's often faced between getting the visibility and getting it captured, and actually having the resources to look at it in the level of detail necessary to properly understand it.

"It's one thing to capture the network logs and which services are being consumed, but is someone doing the work to go through that and to determine what it means in terms of [shadow IT] services that are being used? I'd be surprised if the proportion with that sort of level of really good visibility is as high as the survey suggests," said Boura.

Unless IT departments really look for it, they can't possibly know how much shadow IT is being consumed across their organisation, he added - and most IT departments have plenty of other work to do.