Shadow IT Done Right

What is Shadow IT?

Shadow IT is described as IT projects that take place outside of a company’s internal IT department.

For example, a Marketing department may hire a digital agency to create a custom-built application, outside of the company’s core-offerings, as a value-add for their customers. Since the application was not built internally by the organization’s own IT department, it would be classified as a “Shadow IT” project.

Why would a company engage in Shadow IT?

Shadow IT is not uncommon and is becoming more prevalent.

As consumers’ lives grow more digital, companies in all industries look for ways to compete for their attention. Becoming a part of a customer’s digital life can increase brand awareness, customer acquisition, and the bottom line.

However, all companies have limited resources. Many find their departments competing internally for IT resources just to stay relevant in the market. Even if a department has the budget for a project, there are only so many staff available to complete projects.

This classic example of supply vs demand shows us why a company would look to external resources for their IT project needs.

“Many [companies] find their departments competing internally for IT resources just to stay relevant in the market.”

While it can have a sketchy connotation, there are ways to do Shadow IT right.

We’d like to outline some of the concerns that companies have when engaging in Shadow IT and our tips to avoiding them.

Risks of Shadow IT and how to avoid them

There is always the fear of creating a new product or digital offering that cannot one day be supported by an internal IT team. This can happen for many reasons.

Unfamiliar Tech Stacks

One reason could be that the external firm you hired built the project on a tech-stack that the internal team is not familiar with.

As a simple example, the application could have been built in a language like Python. If, one day, your company decides to bring the support of this application in-house and none of your IT staff is familiar with Python applications, you’ll need to either hire, rebuild the app, or scrap the project altogether.

We recommend finding a firm with experience in a technology stack that makes sense for your team.

If supporting digital products is not something your company currently does but is looking hire staff for, then you still need to take into consideration the skillsets of the available talent-pool in your area.

For example, an external firm may be really experienced with a language like Scala and, while there might not be anything wrong with the language itself, it’s important to consider whether or not there is a sufficient supply of developers in your area who can work with the language in case one day you decide to start hiring.

Poor Scalability & Architecture

Another reason could be the overall scalability of the application. Inexperienced firms may overlook important aspects of app scalability or just take shortcuts to cut costs. At first, things may seem fine, but as your app grows and usage skyrockets, you could quickly see your product turn into a slow, clunky mess.

Scalability is something that should be built in from the beginning and isn’t easily “added in” later.

Security Compliance & Regulation

If your industry has to take regulations like HIPAA and PCI into consideration, you need to make sure the external firm you hire understands the ins-and-outs of the regulations as well.

Your firm should always practice basic, proper security hygiene, government regulation can be a whole different beast to tackle.

Make sure your firm has experience and understands the necessary steps they need to take to adhere to such regulations. Security is best built in from the beginning.

Complexities of the Enterprise

A lot of outsourced IT firms aren’t as large as the client they’re working with. This can be a good thing in terms of staying lean and avoiding heavy overhead in processes.

However, projects with larger companies can require things like hardware provisioning, firewall rules, architecture review, penetration testing, etc. Many outsourced firms don’t know how to handle these kinds of constraints. If they don’t, these constraints can completely halt your project.

When selecting a firm for your Shadow IT project, make sure they are steeped in enterprise operations and can help guide you through that minefield.

The Right Firm for your Shadow IT Project

If you have an IT project that your internal team just doesn’t have time for, let us know and we can help you navigate through the challenges and deliver effectively. Just leave us a note in the contact form below.