I enjoy a good chinwag (don’t we all?) and yesterday got embroiled in a philosophical conversation about the challenges associated to the Cloud beyond the usual security and sovereignty pairing always raised when discussing the subject.

A chunk of the discussion orbited around Shadow IT and the opportunities the user community now have to circumvent central IT thanks to the Cloud.

For those not familiar with the term, “Shadow IT” refers to the practice of users self-serving solutions that are (typically) outside the control (and knowledge) of central IT.

In days gone by, Shadow IT manifested as tower servers sat under desks running Microsoft Access applications that had been developed by a smart guy in finance (!). Today, the Cloudification of IT and the availability of Software as a Service (SaaS) means that almost any user, or group of users, can spin up a system (in their minds a “solution”) in seconds meeting a need, without the complexity or process associated to formally requesting something via central IT.

Asked about how I felt about Shadow IT, I could not provide a sensible answer as to whether I felt it was good or bad. I’m not much of a philosophiser.

I guess I am on the fence a little as I am increasingly trying to look at IT from both perspectives, to empathise with the user community as much as is possible to understand their mindset to make me a better consultant.

Good or bad?

Users love it. That’s why Shadow IT has existed since the dawn of IT. They don’t love it so much when things go wrong, but with SaaS even bad times can be dealt with directly between the users and the vendor/service provider, so in the main, it’s win-win.

From an IT perspective I feel that the spinning up of Shadow IT solutions by the user community has it’s good and bad points. Good that for a small niche requirement, the people that know the need the best can define, procure and manage their own point solution – which I don’t have to support. Bad because lots of systems and solutions inevitably leads to trouble and diminishes opportunity for cost/scale savings as vendor leverage is reduced and creates complex (and sometimes untenable) systems integration issues in the future.

I’m not looking to draw a conclusion here, just to ponder out-loud the nuances of the discussion so I can come back to it in the future when I have a clearer perspective.

Interestingly, a recent report (you can find it here in the whitepapers/cloud folder as “hidden truth behind shadow IT”) from Stratecast and Frost & Sullivan (with (I think) McAfee paying the bill) shows that upwards of 35% of all SaaS used within (the respondants) businesses were without oversight from central IT with Office 365 pretty much being top of the pile in terms of what was being Shadow deployed (followed in second place by Linkedin/Facebook and third by Dropbox/box.net).

Even more interesting is the complicit nature of IT Professionals in the “Shadow” empire being built – 42% of IT folks in the report described themselves as being “familiar with the SaaS solutions being used, therefore I’m ok with it…” sounds like a new form of BYOD to me – Bring Your Own Directive 🙂

more to follow…