Now more than ever, users are able to navigate and control SaaS applications. In this Dare to Innovate podcast episode, we discuss the ease of SaaS licensing and pain points for IT departments. Join Calero-MDSL CTO Simon Mendoza, CEO Scott Gilbert, and President and CRO Andrew Taylor as they dive into the risks and rewards of shadow IT.
What is Shadow IT?
Shadow IT is any information technology system or solution that's used inside an organization without explicit approval or oversight from an IT function. This applies to both software and hardware. Because IT does not have line of sight to these systems, they lurk in the shadows - that's where the name comes from.
Examples range from mobile devices (i.e. cell phones, laptops) to SaaS applications, and even technical infrastructures. How these solutions are purchased is typically not through standard protocol, further distancing any visibility to an organization's technology estate. Although shadow IT is a common occurrence, it poses a major risk to security and management of systems.
Is It Really a Problem?
Shadow IT happens for a reason. Most employees who implement any sort of solution are looking to solve a business problem, whether it be an immediate issue or a long-standing pain point. Taking the reigns on solving for their own problems is not nefarious; in fact, taking ownership represents a drive to make improvements.
When we talk about shadow IT, it's really about the consequences. This could be related to security, privacy, and even cost. Control is easily lost when these systems begin to add up. Questions that inevitably need answers are:
- Who has ownership of this solution?
- What budget is this coming from?
- How do we ensure the solution meets compliance standards?
- What doors have been left open since implementation?
Empowering business leaders to solve their own issues is important, especially in a world with heavy influence from self-service and cloud applications. However, leaders do not always have visibility into existing contracts and potential negotiations that have already been made with vendors. This further feeds the underlying issue of lack of control for all parties.
Beyond Cost - Risk Security
Cost is a big concern, but a large portion time spent with IT is mitigating risk to security and policy. Maintaining compliance is a mission-critical practice for businesses of all sizes. These policies allow the department to mark solutions as safe not only from an information security standpoint, but also for data sovereignty and protection.
Shadow IT is a direct hit to these concerns, causing frustration and lack of jurisdiction. For example, customer data may need to contractually be stored in a certain area or geographic region. If an employee implements something to disrupt that policy, it's not only a risk of security - it's a huge risk on corporate compliance and responsibility to other parties.
How to Leverage for Enablement
The presence of Shadow IT shows promise - it's a sign of having dedicated employees that prioritize problem solving. Rather than pinning down the practice, it's important to continue empowering employees while having the right tools to solve.
- Modernize the technology lifecycle. The lifecycle management approach allows organizations to constantly review sourcing, risks and privacy with the right tools.
- Implement an inventory mapping strategy. Enable software solutions or consultants to review your current standing to create a plan of action.
- Optimize your estate. Identify opportunities existing within your technology estate for condensing solutions and contract negotiations.
For visibility, control and optimization to your entire technology stack, innovative SaaS Expense Management tools are within reach.