Commodity IT, the problem formerly known as Shadow IT

I have been working on a couple of projects the last 6 months where we designed and deployed digital workspaces. All of these customers had different drivers behind those projects such as:

  • Staying ahead of the competition
  • Create a millenial-proof workspace environment
  • Reduce administrative overhead on desktop management
  • Consolidate our localized workspace management (point) solutions to a global hosted cloud
  • Transform our workspace service from a CapEx model to an OpEx model

Most of these drivers are valid drivers to migrate towards a digital workspace and will almost certainly fit in such a stratgey.

Something that none of the customers took into account was the threat called Shadow IT.

In traditional workspace environments (Active Directory with GPO’s, managed corporate windows desktops/laptops and a fixed set of applications), the IT admin was in control over what and the end-user was doing. He knew what kind of software was used by the end-user and IT-services like working from home was quite complex to implement.

A few year later, a lot of software-companies invested heavily in SaaS-based applications. Solutions like Salesforce, dropbox  and slack are perfect examples of tools that are easy to use, don’t require an admin to deploy and solve a lot of user-experience issues that existed due to the traditional way of management. “If my IT Admin doesn’t give me VPN access so I can work from home, I will just use dropbox to solve that problem”. This is one of the most heard responses from end-users when they take a survey that we use during our assessments. Slack is a similar example. “We use Slack as our primary colaboration tool because our own solutions lack ease-of-use and don’t support mobile devices”. Admins are completely in the blind and security officers have challenges to keep their intellectual property within the company premises. The last great example forms another issue: Salesforce. Some of our bigger customers have teams that are responsible for purchasing and invoicing and have a daily job in placing the right numbers in the cost center they belong to. Imagine what happens if someone from the sales team decides that the internal CRM system has a bad usability and uses his company creditcard to purchase SaaS-based licenses from Salesforce? Again, a challenge to the customer and it’s governance.

This threat is what we call Shadow IT. Applications and services that seem to be unseen to responsible persons at the customer. And the main reason is that enterprise-IT hasn’t evolved through the years while end-users have. Take the millennials for instance. They use their own device to work  on during their college-years on high schools and universities. With ease of use, they deploy software from an app store and when it is in need of a (sometimes daily) update, stuff just works. No need for a maintenance window, no service interruption and if the application they installed doesn’t do as they like, they just download and install another one. It’s that simple.

In my opinion, this is the main reason for Shadow IT. And if companies don’t act, the problem will become even bigger.

But how should you act? I mean, this may sound as such a big problem that you might not know where to start. The first step in solving the Shadow IT problem, is to become aware of what is happening in your workspace environment. And to do that, you should first run an assessment. There are multiple solutions to do this, but the one I would like to focus on, is Liquidware Stratusphere. Like I wrote in this blog post, the solution consists out of a client that collects information and a central component that analyzes that information for later use.

Again, it is wise to collect information for at least 5 weeks, but for more accuracy longer is always better. In some cases, applications for invoicing might be ran only once a month or once in every three months even.

As more and more applications are web-based, the solutions used to assess your environment must be able to analyze web sessions as well. And that’s where Liquidware Stratusphere is really helpful. Liquidware Stratusphere has a feature called the Advanced Browser Inspector.

shadow it prevention with Stratusphere UX

The solution plugs into the user session, regardless of the endpoint that is used. So in case the user is running on different endpoints, data collection is complete and consistent.

shadow it prevention with Stratusphere UX

As you can see in the above and below pictures, it is possible to get an overview of the websites that users have visited and with which numbers. Really useful information if you are searching for shadow IT awareness.

shadow it prevention with Stratusphere UX

Shadow IT is a fact. Users are in need of a flexibility in their choice of tools that they require to fulfil their jobs. Offering those tools is what we as admins need to focus on in the near future if we want to offer millennials and existing employees a great place to work. A Digital Workspace solution like VMware Workspace ONE is an example of such a solution.

workspace one

A central App Store-like solution that incorporates both legacy applications as well as a wide variety of (web-based) SaaS applications.

I hope this post helped you a bit in getting started. Shadow IT has turned into a commodity which we have to deal with and turn it into an IT service instead of a problem.


Johan van Amersfoort