Trust, the key factor in governing Shadow IT. Takeaways from the X-change of 26 February 2019


Many organisations have a love-hate relationship with Shadow IT: while it can create challenges regarding controls, budgets and security, it can also introduce innovation, enhance efficiency and engage staff in processes. During this session, we peered inside a few companies to see how they handle Shadow IT, and picked up some valuable best practices along the way.




Shadow IT


Our first speaker was Koen De Maere, Information Manager at BASF and Researcher ‘Digital Business and IT’ at University of Antwerp, Antwerp Management School.  He opened his talk with the ISACA definition of Shadow IT:

"Shadow IT is an application, tool, service or system that is used within an enterprise to collaborate, share content or other purposes without having reviewed, tested, approved, implemented or secured by the enterprise IT function, in accordance with written policies and procedures."


Some more commonly known examples include productivity apps like Trello or Slack, messaging apps, social media, cloud storage, etc. They offer plenty of opportunities, but come with plenty of risks too. Koen brought up the example of Waze (slides 7 and 8).


When looking at the statistics (slide 9) we might conclude that Shadow IT has become the ‘new normal’.  But IT professionals have a different, more negative perception, seeing it as:

  • ‘Not invented here’
  • Unsecure (‘we can do it better’)
  • Unmanaged and cheap
  • Shadow IT users are ‘bad’.


On the other hand, the business often sees it in a more positive light:

  • Getting things done ASAP
  • The best user interface
  • Affordable
  • Supporting a flat organisation, entrepreneurship
  • Innovative, modern
  • Intuitive, readily available
  • Enabling more flexibility
  • Making us look sexy


So do we need more governance or, on the contrary, less, Koen wondered. The right answer? Good governance.


The 'knowing-doing gap' (slide 28) is an important phenomenon to keep in mind – it’s the gap between being aware of what the company needs to do for success, and actually doing it.  The most common reason that employees don't follow the company’s policies (51% of people) is that, even though they have the capability and systems needed, there is resistance in the organisation itself. So there is no true motivation to make the effort.


Behaviour is regulated by four constraints, Koen explained: law, social norms, market and architecture. This theory is easy to apply to Shadow IT as well (with ‘policies’ standing in for ‘laws’).


Putting the spotlight on Shadow IT


Jan Bruggeman, Director ICT at Esterline, was our second speaker. Jan shared that Esterline (a company that has been growing through several acquisitions) relies on four separate networks. Partly historical, partly intentional, this dimension adds complexity (see slide 5).


The first step in streamlining (when the Barco department was taken over by Esterline 4 years ago) was to bring all IT together (see slide 7). But this didn't rule out Shadow IT entirely, partly because of a lack of resource capacity at times. So the constant alignment with the business was, and continues to be, a necessity.


A second element was governance.  This allowed Esterline to put a spotlight on the Shadow IT within the company.  Good governance allows IT and business to meet and align with each other.  Through constant communication, there are hardly any surprises or unexpected budget overruns.  Jan emphasised that trust is a key factor here - when trust is built, the need for Shadow IT can be reduced.


And last but not least, the IT budget and IT procurement must be leveraged.  Jan’s recommendations:

  • Establish a close cooperation with non-production procurement on all IT
  • Take ownership and manage the IT budget; the business decides on the budget it needs, but IT manages it.


This doesn't mean IT has unlimited budgets, but the leverage is at least maximised.


In summary, Jan wrapped up, make sure IT is seen by your business as 'adding value for them to come to a better and more sustainable solution'.


Evolving from a no-culture to an enthusiastic mindset


Unfortunately, due to unexpected circumstances, the 3rd speaker on the agenda, Kristof Dujardin, CIO – IT Director at Attentia, was unable to attend at the very last minute.  His presentation, however, is available with the others, for Beltug members (after log-in).








