Let Staff Go Rogue on Tech
Companies Should Empower 'Shadow IT' From Their Most Technologically Disobedient Employees
Updated June 8, 2014 8:04 p.m. ET
Want to be more competitive? Then empower your most technologically disobedient employees.
If you're like me, the first thing you do when you join an organization is figure out how to avoid the Kafka-esque nightmare that is the company's own IT system. Because let's face it, in most organizations, what should be the simplest tasks—purchasing, booking travel, even email—are Byzantine compared with how we accomplish them on our own.
Which helps explain why 80% of people working for organizations with more than 1,000 employees go around the IT department and use (or even buy) software that lives primarily in the cloud, according to a recent survey by market-research firm Frost & Sullivan.
There are a dozen names for this phenomenon, but my favorites are the ones that make it sound as though downloading Dropbox or using Google Docs is like buying weapons from shady Eastern bloc arms dealers: "Shadow IT" or, less commonly, "Rogue IT." The phenomenon is also known as Bring Your Own Software, Bring Your Own Access, Bring Your Own Cloud, Bring Your Own Device or simply Bring Your Own Everything.
Perhaps there was a halcyon era when chief information officers were mostly occupied with making employees more effective, but in this age of increased regulation (Sarbanes-Oxley), security breaches (Heartbleed) and industrial espionage, the main task of a CIO at most companies is keeping customer data away from hackers and intellectual property out of the hands of rivals.
As you might imagine, CIOs aren't thrilled that most of their employees are dumping potentially sensitive data into Web-accessible, cloud-based applications they may have never heard of, much less vetted. But here's the thing: The companies that clamp down hardest on outside IT are ceding competitive advantage to those that empower employees to make their own decisions about what they need to accomplish their jobs.
Of course, it's not as if companies have much choice.
After interviewing a number of providers of cloud-based software about how they have managed to insinuate themselves into Fortune 500 companies without hiring a single salesperson, here's what I discovered: Most companies are playing whack-a-mole when it comes to "unauthorized" software like cloud-storage services and productivity software. As soon as one group is banned from using a useful tool like Dropbox, someone somewhere else starts using it. Employees just want to do their jobs, and if corporate IT isn't moving as fast as they are, well, whose fault is that?
Here is a typical example of how Shadow IT makes people more productive: Many companies still control access to files employees share with each other by keeping the files behind a corporate firewall, or machines IT controls directly. The problems with this approach are myriad: Employees must be connected to their company's network to access the files; when they work remotely they have to access the files through a "virtual private network," which can be cumbersome on a PC and almost impossible on a mobile device. Cloud solutions like Box, Dropbox and others allow workers to access files anytime, on any device, and can even allow them to track all the changes others have made to a file. Many cloud applications also allow real-time collaboration. Google Docs lets multiple people write and edit in the same document simultaneously, and Lucidpress lets multiple people lay out and design the same document, each watching the others' changes unfold even as they make their own.
Even when it's time to pay for the (initially free) services employees have grown fond of, they are so much cheaper than traditional enterprise software from firms like Microsoft, Oracle and SAP that they can be expensed on a credit card.
Roger Lee, a partner at venture-capital firm Battery Ventures, which invests in some software-as-a-service firms, calls this model of enterprise software "bought not sold" because employees are clamoring for these tools, whereas in the old days well-paid salespeople made fat commissions persuading C-level executives to adopt them.
The implications for makers of traditional enterprise software, who grew accustomed to a model in which employees had no choice but to use whatever software their company bought, are huge. Users are saying, why is this enterprise software product so bad? says Mr. Lee. The answer, fortunately, is it doesn't have to be.
Ease of use is a trait common to all the next-generation enterprise software that starts out as "Shadow IT." Just like consumer technology, these are systems that must "sell themselves," one customer decision at a time, at least until enough people within an organization use them so that corporate IT notices.
Once a shadow IT service is sufficiently popular, whoever is in charge usually conducts a formal analysis of the provider's security measures and compliance with appropriate regulations. As long as everything checks out, what started as an employee end-run around their own IT staff becomes institutionalized.
It's been said that every company is now a technology company, and if that's so, shadow IT is the logical extension of that: Every employee is now a technologist and should be treated as such. Thanks to "freemium" software, mobile apps and the cloud, people now have the power to provide their own solutions while crafting the workflows that are most effective for them as teams and individuals.
One survey, by Gartner, predicted that by 2015, 35% of the money companies spend on IT will be spent by employees who don't even work for the IT department. And PricewaterhouseCoopers found that at companies it rated as "top performers," more than 50% of IT spending was already happening outside the IT department. This suggests that firms concerned about the security issues of shadow IT are missing the point; the bigger risk is not embracing it in the first place.