The perceived prominence—and threat—of shadow IT seems to ebb and flow over time, probably depending on how many other things IT organizations have pressing on them at the time. During the pandemic, many enterprises may have accepted more shadow IT than they might have liked, because the emphasis was on just making sure employees could work and had the core set of tools they needed for remote collaboration. Now we’re just about due for the shadow IT pendulum to swing back.
On No Jitter this week, senior editor Matt Vartabedian discusses the results of a survey published by Tangoe, which makes technology asset expense management software. Vartabedian focuses on a key datapoint from that survey—that only 39% of IT decision-makers are satisfied with their UCaaS investments. The leading cause cited for dissatisfaction: Shadow IT. As Vartabedian explains, “Not only can shadow IT (software/devices used without explicit approval from IT) compromise the network, risk company data, etc., but it might generate duplicate costs or excessive costs borne by the company.”
Besides the proliferation of collaboration applications that Vartabedian writes about, enterprises are now looking at a whole new scale of shadow IT challenges courtesy of generative AI, specifically chatbots like Chat-GPT. In probably the most-publicized example, Samsung employees reportedly unintentionally uploaded confidential company information into ChatGPT.
I’ve talked to some enterprise IT pros whose companies have barred any use of ChatGPT on company systems; these enterprises view the risks and unknowns as too great. OpenAI, which makes ChatGPT, warns users not to share sensitive information on the tool, but the Samsung case shows how difficult this can be to enforce when you have a large user base.
Shadow IT in the post-pandemic world also has the potential to exacerbate the already significant challenges around optimally implementing hybrid work. As enterprises struggle to understand what makes for a good employee experience—and then how to deliver that experience—system data can play a major role in painting a clearer picture of the end user experience, as our Enterprise Summit panel of enterprise execs discussed at Enterprise Connect 2023. That data can’t really give a complete picture of the employee experience if the systems aren’t being used as deployed, nor can the user experience be managed on non-standard applications, especially if these shadow tools' usage may not even be known to IT.
Interestingly, one of the scenarios from the reported Samsung incident looks an awful lot like a collaboration/hybrid work use case. Mashable reports that one user, “shared a recording of a meeting to convert into notes for a presentation.” That’s actually a pretty good summary of what most of the collaboration vendors are working to enable their platforms to do, within the skin of the application—most notably with the recently-announced Microsoft Copilot for Office 365. If this function had been available, securely, in the meeting app that the Samsung employee used, theoretically they’d have had no need to go out to ChatGPT.
Vendor innovation has always been a necessary response to Shadow IT, whether we’re talking mobile device management systems for BYOD or generative AI functionality within collaboration apps. That, coupled with vigilance from the IT organization, still represents the best bet for dealing with the new generation of Shadow IT.
