1. Shedding Light on Shadow IT
Microsoft Enterprise Architecture Round Table
David Lavin, Ramit Luthra, Karun Pothacamury, Donald Stahl, Tom Valva
October 16, 2014
2. What is Shadow IT?
• Shadow IT consists of those technology-related
activities that are not
controlled and administered by the
“official” centralized IT function
• The centralized IT function believes
that these activities are part of the IT
organization’s charter, and would
normally be under its control
3. What Drives Shadow IT?
• Shadow IT groups desire to operate independently of
the centralized IT function for various reasons:
– Competitive drivers
– Pressure to innovate
– Availability of cloud services
– Desire for independence
– Enhanced productivity
– Specialized domain knowledge
– Control over the development life-cycle
– Budget autonomy
4. Types of Shadow IT
• Practice driven
• Rogue efforts
• Purpose driven
5. Types of Shadow IT – Practice Driven
– In this model, a group
that is part of a distinct
practice within the
organization performs its
own technology
management partially or
entirely independently of
the central IT organization
6. Types of Shadow IT – Practice Driven
• Legacy
– Precedes the formulation of a mature IT organization
– The group uses its own resources and expertise to create
and/or adopt technology as needed
– Groups were never considered a technology function
– Distinct from the groups that traditionally used the first
computer software
– Often these are delivery-critical operational groups
(warehouse management, media productions, sales)
– Deal with technologies and vendors with which the IT
organization has no hands-on experience or operational
knowledge
7. Types of Shadow IT – Practice Driven
• Organic
– Strong focus on customer/consumer facing technologies.
– Management of B2C web presences, mobile application development, and
other public-facing technology assets for the business.
– Driven by market pressures and competition; often part of marketing
departments.
– Centralized IT often lacks capabilities, particularly in the mobile design
areas
8. Types of Shadow IT – Practice Driven
• Expert
– Requires a high degree of subject matter
expertise; development must be tightly coupled
with experts
– Close client contact for customized solutions
and complex algorithm development drives
these groups to seek independence and control
over development.
– Often complex scientific or financial
applications where traditional corporate IT
resources cannot (or are perceived to not be
able to) deliver.
9. Types of Shadow IT – Rogue Efforts
• Rogue efforts are those IT projects
that are intentionally hidden or
kept separate from the centralized
IT organization
• Rogue efforts may be sponsored
or unsponsored
• Rogue efforts use few IT resources
from the centralized IT function
10. Types of Shadow IT – Skunk Works
– Skunk works are often sponsored
– Frees engineers from ‘structured’
approach to foster innovation
– If successful, can be folded back
into the centralized IT function
11. Types of Shadow IT – Black Ops
• Unsponsored efforts
• Usually smaller than skunk works
projects
• Often driven by frustration with IT and
backlogs
• May be of limited scope and use
• May go undetected for years
12. Types of Shadow IT – Purpose Driven
– Productivity needs are often the
drivers of Purpose Driven efforts
– Often extensions to formal IT
systems
– Frequently enabled by desktop
technologies
– Often discovered when problems
occur requiring IT intervention
– Cloud SaaS offerings encourage
Purpose Driven efforts
13. Pros and Cons of Shadow IT
Practice Driven Pros:
- Better business alignment
- Unique value
- Natural agility
Practice Driven Cons:
- Infrastructure duplication
- Compliance risk
14. Pros and Cons of Shadow IT
Rogue Effort Pros:
- Highly innovative, creative
- Dedicated teams focus intensely
- Natural agility
Rogue Effort Cons:
- Compliance & security risk
- Lack of support
- Initial success may not scale
- May lack broad application
15. Pros and Cons of Shadow IT
Purpose Driven Pros:
- Often improve productivity
- Extend existing systems’ capabilities
- Can point to integration opportunities
- Don’t initially impact IT budget
Purpose Driven Cons:
- May eventually require IT support
- Duplication of effort
- Compliance risk
16. [Figure labels: Purpose Driven Efforts; Rogue Efforts; Practice Driven Efforts; Traditional IT Services]
• Traditional IT provides some
but not all services, such as
email, networking, directory
and authentication.
• Rogue efforts tend to use a
minimum of IT services
• Practice and Purpose driven
tend to use more services,
such as server provisioning,
but not application
development and/or support
Figure 1: Intersection of Traditional and Shadow IT
17. Shadow IT Service Provider Model
[Figure 2: Shadow IT Service Provider Model (Microsoft Enterprise Architecture Roundtable, 2014). Columns: Purpose Driven; Practice Driven; Traditional IT; Rogue. Activities shown: Requirements Analysis; Architecture & Database Design; Software Development; Quality Assurance; User Acceptance Testing (UAT); Security Compliance; I&O Support (servers, hosting, upgrades). Service Providers legend: Non-IT Developers, Testers, Architects, Analysts, SMEs; IT Developers, Testers, Architects, Analysts, DBAs; IT Infrastructure and Operations Analysts; Independent SaaS, PaaS, vendors, closets, etc.; IT Security Analysts; Independent Security Analysts, disregarded.]
18. Conclusions
• Shadow IT efforts arise out of need and, where they are
not redundant, point to a lack of IT services
• Shadow IT efforts can point to how the organization
wants to use technology
• Shadow IT can extend functionality and provide value
without impacting the IT budget (initially)
• Rogue efforts can jump-start innovation
• Duplication of infrastructure, support, policy
compliance, and security presents challenges to the
organization
19. Recommendations
• Learn from the dark side; Shadow IT reveals real needs
• Consolidate where there’s duplication
• Cooperate where possible
• Enable the dark side via APIs and integration hubs while
protecting transactional integrity
• Don’t ignore security and compliance risks