This article can also be found in the Premium Editorial Download "Storage magazine: More choices for virtual server backups."
Download it now to read this article plus other related content.
ESG data shows users are making more and more rogue IT purchases. Here's why it's happening and how IT can regain control of the process and mitigate further risks.
Are you an information technology (IT) manager who feels as if you're losing control of crucial business application purchasing decisions? If you are, you're not alone. Recent ESG data finds users are making more and more rogue IT purchases, so it's time for you to get in front of the curve.
IT is losing its grip on
One of the most surprising outcomes of the research is that knowledge workers not only influence and decide on software purchases, they often do so without involving IT. This trend is popularly being called "shadow IT." Nearly half of the knowledge workers we surveyed either accessed or downloaded applications that weren't provided by IT. It would be easy to assume these are programs for personal use, such as Facebook, but that's not the case. Almost one-third said they accessed or downloaded software for business use, while an additional 44% said they did so for both personal and business use.
While it's clear that knowledge workers are becoming more involved in official IT purchases, it's also the case that they're often doing so without IT involvement.
What's behind the move?
A number of factors are conspiring to empower knowledge workers to become their own IT buyers. One factor is the consumerization of IT. As more consumers regularly buy Web-based and mobile applications, they become used to the idea of buying their own software. And as knowledge workers get used to the ability to download or access the software they want or need without IT involvement, they're more likely to continue doing so.
Another reason knowledge workers are buying more software on their own is simply because it's fast and easy to do. Cloud deployment turns everything on its head and changes the purchase model from one that favors IT to one that favors the non-IT buyer. In the past, purchasing a business application required it to be installed on-premises, leveraging company servers or desktops. The only entity even capable of doing that effectively was IT, whose concerns about security and support had typically led to the lockdown of desktops or laptops. But this approach is time-consuming and much more difficult to enforce with a Web-based or mobile application, especially when the device is owned by the knowledge worker. Cloud-based applications put IT responsibilities in the hands of vendors, make it possible for knowledge workers to buy applications themselves, and the time to get applications up and running is minimal. In addition, the subscription model of many cloud applications makes it easier to purchase software from department or line-of-business operating expenses instead of having to incur a large capital expense as part of a big IT project, often putting these purchases under the radar of deep financial inspection.
Time for IT to catch up
On the surface, this shift may seem to be a good one for companies. Knowledge workers no longer have to deal with project backlogs in IT, so they can order applications immediately to answer a timely need. Subscription pricing allows expenses to flex with headcount or requirements, eliminating the need to incur a large capital expense that may never be recouped and aligning expenses with the health of the business. And IT support, long a sore spot with knowledge workers, is also assumed by the independent software vendor, removing a major headache for IT and end users alike.
However, knowledge workers lack the collective training and knowledge of IT departments when it comes to data governance, regulatory compliance, data protection, and security. They're also not skilled in assessing the potential complications of cloud-based and mobile applications arising out of legal issues such as legal holds due to litigation, IP leakage and implementation of defensible deletion policies.
To mitigate the risk that may come with non-IT-approved software purchases, IT has to approach the software purchase process differently. Instead of trying to control the process, IT should help guide and assist. Recognizing that coercive attempts to restrict knowledge worker purchases will only result in more inventive ways to circumvent the rules, IT should position itself as a partner with specific expertise that the knowledge worker buyer can leverage. This will help to protect the business and the knowledge worker from a ruinous mistake.
About the author:
Terri McClure is a senior storage analyst at Enterprise Strategy Group, Milford, Mass.
This was first published in September 2013