News Stay informed about the latest enterprise technology news and product updates.

Is Shadow IT always bad?

We’ve all seen it. That chief marketing officer wants a new report or a redesigned user experience on the company’s mobile app. The guy is already fed up with an IT department and CIO he sees as everything from active obstructionists to clueless, unresponsive ne’er do wells.

IT isn’t interested, doesn’t have the people or budget, has other more-pressing projects on the docket, or may simply doesn’t get what the marketing team is trying to accomplish. What happens next is that the department decides to go around IT and sign up for some software-as-a-service subscription or, increasingly, use a no-code drag-and-drop tool to build mobile apps that connect to company data through an assortment of APIs. After all, the point of many APIs is to simplify access and integration. The result: Shadow IT.

I’ve heard it argued that Shadow IT can’t harm corporate intellectual assets (data) if the apps built are read-only, perhaps for generating sales or inventory reports. I’m not buying that argument, though it depends how you define harm. While prohibiting write access does protect digital assets against dastardly destruction, deliberate deletion, or worse, evil editing, a read-only app still puts the data out in the wild, where you have no control over who can see it. That doesn’t damage the data, but it certainly could harm the business.

As for these no-code tools, the selection abounds. Industry analysts are even looking at them as a good way to accomplish tasks that move the business forward without straining developer resources that are already stretched thin.

Shadow IT is inevitable. To make it work better for everyone, I’d like to see the marketing department be less surreptitious about it. Go to IT and say, “We’re going to do this and we wanted you to know before we start.” Not only is that good corporate citizenship, but it increases the likelihood that IT will take at least a cursory look at the tools and project intent to ensure that security is up to snuff and regulatory mandates (HIPAA, for example) aren’t smashed to smithereens.

As a developer or CIO, what’s your opinion of the trend toward departmental no-code app development? Everyone I speak with has strong feelings. We’d like to hear yours.