CIO Insights: Dealing with shadow IT

Three Australian IT leaders share their advice

If you have a good working relationship with the CMO and you have proven to management that you can meet project deadlines, I don’t think they will go away doing it on their own. They only will go away doing it on their own if you keep missing your deadlines, so there’s no trust there.

By having a weekly catch-up or monthly management catch-up, that sort of surprise coming out of nowhere probably can be avoided. You want to advise the CMO, saying ‘there’s a technology that I’ve been looking at and this is what a CMO mentioned in another company, it may be beneficial to you’. This kind of conversation over a coffee or in the weekly/monthly meetings can help you promote yourself and become a trusted advisor.

If we bring ideas and initiatives to the CMO, he or she will definitely engage with you more and more. The role of the CIO is to promote and introduce new technologies to the company. If someone comes to you all the time with new technologies and you execute and implement them, then you might start questioning yourself and if you are doing your job enough to explore and bring new initiatives into the company.

If you introduce 8 out of 10 [technologies] and the other two came from other business units, then you could say you are doing a pretty good job. If it’s the reverse, then you would probably start questioning yourself.

You need to put maybe 5 per cent of your team or budget just to introduce new technologies, explore what they can do for your company, the business. It might fail, it might be successful. But at least you put in that effort, instead of only maintaining what you have. By always looking in the market and keeping yourself and the team educated, you can always give that advice to the senior management team.

Also, I would disagree with my colleagues if they said ‘we own the data’. IT doesn’t own the data, the company does. Our role and function is how to secure the data, and how we share the data with the other business units using different applications.

When it comes to the security of the data, we don’t want people who don’t need access to be accessing a system. So if they define that, then we will help them to implement the objectives, instead of simply saying ‘you cannot have this’. The approach is to try to deliver the project goals and objectives with the CMO.

Rob Livingstone, former CIO and owner of an advisory practice

A situation like that is unfortunately not too uncommon. Shadow IT is very real in many organisations.

It goes to the heart of governance within the organisation: who’s accountable for the consequences both in the short term and in the long term for that decision being made?

The overall governance in an organisation should balance the demand to meet short-term requirements or issues versus elevating the systemic risk, such as a data breach, degraded data quality, cost issues, etc.

Achieving that balance in organisations is not easy because you are dealing with individuals who maybe do have a more conventional/traditional perspective on their roles, their departments and how the organisation should be run.

The first step is to transform IT into a division that can add transformational value to the organisation and be seen as a peer. Once that occurs, it's then a question of applying the right governance across all the executives [so they] understand that fragmenting and federating systems should be in accordance with a defined understanding of who’s accountable for what, and who has jurisdiction over what.

Having everyone buy their own services, getting it in the door quickly, can be sustainable provided the risks don’t eventuate. However, a small cloud application, which might just be swiped with a credit card and deployed in a particular part of the business, could contain information which is at serious risk of access by an unauthorised person, which could jeopardise the entire business.

Risks can arise from a lack of integrity of your broader IT systems, which means the ability to connect the system with others, the ability to manage disaster recovery, to ensure compliance with data jurisdiction and the emergence of privacy laws – for example, the new privacy legislation that is coming out in March this year.

Also, if a client wants to log in to a single portal because there’s value in having a one-stop shop service, how can that be possible if the underlying databases are all spread across cloud providers, internal data centres, with 10 different systems put in by 10 different departments down the track?

The fundamental issues deal with how coordinated the organisation is and that starts right at the top in terms of the organisation’s business plans, strategies and mission. It’s about how clearly that is articulated so the common objective and strategy is aligned with all the c-suite, so everyone understands that they are not just looking after their own patch.

It’s also making sure that a percentage of everyone’s role is to look at what others are doing and how they work together to achieve the common objectives of the organisation instead of protecting their patch or folding their arms and saying ‘this is not your job, this is my job’.

Are you facing a particular challenge and need some advice? Contact Rebecca Merrett at
