Former U.S. Senator, Secretary of State, and First Lady Hillary Clinton. Image source: U.S. Department of State.
Hillary Clinton has certainly been newsworthy recently. Stretching from the late 1990s and all the way through her stints as U.S. Senator and Secretary of State, ending in 2013, Clinton shunned government-run email services in favor of a system running in the home she shared with former president Bill Clinton. Critics argue this practice violated government policies, not to mention allowing her (and Bill) to avoid public disclosure of her service-related communications.
The official policy that ties federal officials to government-run email systems wasn't the law of the land until 2014, nearly two years after Clinton stepped out of the political life again. Nevertheless, she's still in the national spotlight over this old-yet-fresh scandal.
But there's also a big upside to Clinton's home-brew email solution getting national attention. Hillary Clinton has quickly become the public face of so-called "shadow IT" practices, which already affects almost every organization -- from small and medium businesses to enterprise-class giants, and onward to the government behemoth. It's high time investors and business managers take a closer look at this trend, so let's thank her for opening the debate.
Expert advice
I already have some personal experience with shadow information-technology practices from my former life as a systems administrator, but those skills are getting rusty after nearly a decade as a full-time business analyst and writer. To get a better feel for modern shadow IT issues, I called an expert in the field.
Shervin Chua, software and security expert at Softchoice. Image source: Shervin Chua.
As head of software-as-a-service cloud computing and client software at IT consulting firm Softchoice, Shervin Chua knows a thing or two about shadow IT. He is responsible both for the traditional kind of IT solutions that shadow IT users are trying to work around, and for the cloud-based alternatives they often use instead. Softchoice often runs large security and policy audits for its clients, giving Chua even more data to shape his insights.
"I think we're at a point in time where companies can no longer ignore shadow IT," Chua said. "They need to put official policies in place, start talking to employees about what they need, make sure that these needs are aligned with the business.
"If they don't, then people can start creating their own solutions and create this whole shadow IT problem."
In other words, shadow IT is the unapproved, unmanaged solution that frustrated employees (and government officials) turn to when official systems don't meet their needs. In Chua's view, it's simply a good idea to take this bull by the horns, identify the pain points people are trying to avoid, and meet those needs through official channels instead.
"This is definitely an opportunity to sit up and take action," Chua explained. "The IT industry is moving away from cookie-cutter solutions with help desk tickets and red tape around everything. This debate gives IT departments a chance to say, 'Hey, different business units have different needs. I'm going to create a baseline framework, but I'll be agile and respond to the various needs of different units.'"
Chua's comments underscore a growing sentiment among IT industry professionals. Talking to the CIO magazine this week, Deputy Chief Technology Officer Steve Riley of data networking specialist Riverbed Technology (RVBD +0.00%) expanded on the problem. "Heavy-handed approaches are not going to eliminate shadow IT, it'll just go farther underground," Riley said. "There's no positive outcome for being a disciplinarian about something like this. You might end up with services that are even more dangerous, where people now actively seek to circumvent policies."
How the solutions fit the problem
In other words, a light touch might do wonders to tame the shadow IT beast even where strict policy edicts fail. And this lesson needs to be absorbed by a very large audience.
According to Softchoice's data collection, over 80% of organizations -- businesses, corporations, churches, you name it -- already see some members stepping outside the formal IT structure to enjoy the convenience of cloud-based public services.
Google (GOOG +0.65%) (GOOGL +0.77%) is a popular provider with tools including Gmail, Google Docs, and Google Calendar. Microsoft (MSFT 0.62%) might lose some software license sales to other cloud providers, but its Windows Azure and SkyDrive services are also leaders in their own right.
Sure, some of these service choices already have the official support of the IT department. But one-third of all users in a large Softchoice audit program recently reported employing tools such as SkyDrive or Google Calendar at work -- without so much as notifying the IT department.
The shadow IT market seems to open up a very large business opportunity for software-as-a-service providers such as Google and Microsoft. Managing these tools in a properly approved and budgeted fashion will help in closing boatloads of security and transparency concerns. And that way, they could soak up the demand for unofficial email servers and unapproved data warehouses running in some random employee's garage, beyond the reach of corporate firewalls.
Final words
A flexible approach to systems management can help businesses and government agencies make the most of their resources. There will always be rogue systems and maverick users, but acknowledging this reality can help contain the problem -- and maybe turn it into a strength instead.
Sweeping shadow IT under the rug, on the other hand, only opens up the door to more security leaks and the next Clinton-style transparency scandal.
