Responding to shadow IT in the digital workplace

IT must stop attempting to hold users back and instead embrace cloud services, effectively becoming a strategic partner to the business.

I would define the digital workplace as the collection of technology that enables people to contribute, share, and access information as part of doing their jobs. The digital workplace has existed in some form for a long time. In the past, it was as centered around the desktop experience for information workers. Capabilities were limited when you weren’t physically sitting at your desk in the office and field workers had very little, if any, interaction with the digital workplace.

The impact of cloud services

Fast forward to today and we see a very different environment. There has been a proliferation of cloud services, enabling companies to develop products and sell them directly to consumers and business users. Sophisticated capabilities that at one time could only be provisioned by a company’s IT department are now readily available, often purchased with a credit card with a per-user per-month billing model.

A small fraction of cloud based tools available in the digital workplace

The rise of shadow IT

Much of the demand for cloud use in the enterprise is driven by the consumer experience. We have become accustomed to the digital experiences that have developed in our personal lives. We’re constantly connected through our smartphones; with a few taps and swipes we can retrieve up-to-date news and information on any topic, purchase everything from food to flight tickets, and start a video conference with friends on the other side of the world.

With this type of digital experience in our personal lives, employees have increasingly high expectations of the digital tools they use at work. This has lead to the rise of shadow IT which Gartner defines as “IT devices, software and services outside the ownership or control of IT organizations.” In many cases, cloud services are being purchased and consumed directly by business units.

IT is often not aware of how prevalent third-party services are in their organization. One customer we worked with recently had an audit done that looked at their network traffic. It found there were over 200 cloud applications in use among their more than 5,000 employees. IT was not aware of the majority of these applications.

So why are employees procuring cloud services on their own?

The most common reason is to get up and running more quickly than IT has traditionally been able to do. Sometimes there is a specific capability the person or group needs that is not currently offered by their enterprise systems. Sometimes it’s to circumvent restrictions such as file size limits or sharing files with external parties.

So what’s the downside of shadow IT?

Unfortunately, while procuring their own solutions might fill an immediate need for someone or their team, it often works against organization-wide objectives for collaboration, productivity, and innovation. Everyone is working with their own tools within their own silos, leading to a fractured or fragmented experience for employees.

Additionally, without a plan and due diligence to select and manage technology applications and services, these users could be putting the organization at significant risk.

As an example, consider the control of your organization’s data:

  • Do you now have customer or other sensitive data stored in the cloud?
  • Is that data stored in Canada or elsewhere? and does that present a risk?
  • Do you still own your data? What are the service provider’s polices and terms of use?
  • Is your data encrypted? How safe is it?
  • Who else has access to the data? If the employee who uploaded it leaves your company, can anyone else access it? What level of access do staff of the service provider have?
  • Can you perform eDiscovery across your repositories in the event of legal action?

The CIO usually has responsibility for information security and technology risk for the organization, even in scenarios where a particular application hasn’t been explicitly sanctioned by IT.

How should IT react?

Unfortunately, a common reaction to shadow IT is to lock things down—blocking cloud services and preventing employees from accessing them at work. Another strategy is to institute policies, that no one typically reads, in an attempt to shift the blame off of IT if things go wrong.

Creative commons (without censorship): Simon Wardley

Not surprisingly, this approach ultimately doesn’t work. Employees find ways to get around these constraints. It only serves to reduce employee satisfaction. Eventually, IT becomes less relevant in the organization.

IT must stop attempting to hold users back and instead embrace cloud services, effectively becoming a strategic partner to the business.

First and foremost, IT must transform from playing the role of a utility function to being a strategic enabler of business objectives. IT should directly influence revenue growth, cost reduction (in other areas of the business), minimize risks, and provide an engaging experience for employees. This is not to say that the utility functions of IT aren’t important. They are critical. But it’s time to start pushing these, where appropriate, to cloud providers like Microsoft and have your organization’s IT resources focus on the highest value tasks that directly impact business outcomes.


Except in very specific cases where doing so provides a distinct competitive advantage, running large data centres will quickly become a thing of the past. Cloud providers are making investments on a scale not feasible by most organizations.

As an example, Microsoft has invested over $15 billion to-date in its global data centre infrastructure for Azure. Microsoft has more than 100 data centres and has just opened its first two Azure data centres in Canada.

Instead of allocating resources to managing servers and performing administrative tasks, IT leaders must look for ways to leverage cloud services and re-orient their resources to business enablement activities.

Application development

Application development within the enterprise must also change significantly. Enterprise platforms such as SharePoint or ERP systems are no longer on three to five-year upgrade cycles. Instead, vendors are rolling out incremental changes on a continuous basis. IT departments must reorient themselves to this new world and plan and manage projects and resources differently.

At Habanero, we’ve adopted an approach we refer to as Responsible Development in response to this. Customizations are considered only where absolutely needed to create an exceptional user experience that facilitates adoption or serves a specific business need. When customizations are deemed necessary, we take a cloud-first approach to development, even in cases where the solution will be deployed on-premises initially.


Security of proprietary information, customer data, and other organizational data must remain a top priority for IT leaders; however, the approach must change from one of defaulting to locking everything down to one of embracing user needs and helping them to manage the risks. Capabilities should be implemented, such as mobile device management (MDM), that minimize roadblocks for users while at the same time mitigating risks to the organization.

Empowering users

The rise of shadow IT is being driven by employees who are looking to adopt technology to help them in their jobs. IT leaders should embrace this trend, encourage these users, and guide them in their use of technology. Once business stakeholders and other employees see that IT can help them meet their objectives, they will be more open to collaborating and involving IT leaders in strategic decisions affecting the future of the organization.

Stories say it best.

Are you ready to make your workplace awesome? We're keen to hear what you have in mind.

Interested in learning more about the work we do?

Explore our culture and transformation services.