DevOps.com

  • Latest
    • Articles
    • Features
    • Most Read
    • News
    • News Releases
  • Topics
    • AI
    • Continuous Delivery
    • Continuous Testing
    • Cloud
    • Culture
    • DevSecOps
    • Enterprise DevOps
    • Leadership Suite
    • DevOps Practice
    • ROELBOB
    • DevOps Toolbox
    • IT as Code
  • Videos/Podcasts
    • DevOps Chats
    • DevOps Unbound
  • Webinars
    • Upcoming
    • On-Demand Webinars
  • Library
  • Events
    • Upcoming Events
    • On-Demand Events
  • Sponsored Communities
    • AWS Community Hub
    • CloudBees
    • IT as Code
    • Rocket on DevOps.com
    • Traceable on DevOps.com
    • Quali on DevOps.com
  • Related Sites
    • Techstrong Group
    • Container Journal
    • Security Boulevard
    • Techstrong Research
    • DevOps Chat
    • DevOps Dozen
    • DevOps TV
    • Digital Anarchist
  • Media Kit
  • About
  • AI
  • Cloud
  • Continuous Delivery
  • Continuous Testing
  • DevSecOps
  • Leadership Suite
  • Practices
  • ROELBOB
  • Low-Code/No-Code
  • IT as Code
  • More Topics
    • Application Performance Management/Monitoring
    • Culture
    • Enterprise DevOps

Home » Blogs » Enterprise DevOps » Beyond the Darkness of Shadow IT

Beyond the Darkness of Shadow IT

By: Chris Riley on March 23, 2015 Leave a Comment

The concept of consumerization of IT, Bring Your Own Everything (BYOx) and self-service technologies has amplified the amount of ‘Shadow IT’ in development shops. Developers can procure, setup, and start using new components, and developer tools in hours. This is a trend that lurks in the dark. C-suite executives can either ban the trend altogether to stay on the safe side, or venture into new waters and embrace innovations that open doors to unforeseen opportunities, efficiencies and productivity standards.

Recent Posts By Chris Riley
  • Using Incident Response for Continuous Testing
  • What Is Resilience Engineering?
  • Moving from NOC to the SRE Model
More from Chris Riley
Related Posts
  • Beyond the Darkness of Shadow IT
  • The Growth in Data Center Uses for Shadow IT
  • Boosting DevOps Productivity Requires Visibility, Automation
    Related Categories
  • Blogs
  • Enterprise DevOps
    Related Topics
  • infrastructure
  • operations
  • Shadow IT
Show more
Show less

DevOps/Cloud-Native Live! Boston

Prevalent Darkness – The Problem

Modern software development implies that changes to the IT governance structure are mandatory. Especially in the world of DevOps which aims to transform IT from a rigid system, into an ecosystem where change is part of the flow, teams should be able to iterate over process challenges just as they do code. The idea is to eliminate performance bottlenecks and yield positive business results.

Containing this pace and level of growth is challenging when measured against the formal approval process of core IT. Allowing developer-focused solutions that conveniently shorten release cycles is a must. But they need to deliver desired results without risking security, compliance and product performance in order to sustain growth. Devs will continue to address their tooling requirements without these considerations as the pressure on them is high. They need to ship code, and are usually behind the gun with their backlog. Developer ISVs have also shifted focus from IT executives and tend market their products by bottom up trials with developers, instead of approaching company executives only via RFPs.

Devs are inherently fast adopters of technology and their requirements can be a moving target. Inadequate change management policies and slow traditional processes of approving enterprise tooling inhibit the adoption of technologies that are legitimate and needed yesterday.

At the same time, Devs object to their limited authority and contribution in deciding which tools to support in the corporate network. From the perspective of IT executives and financial decision makers, accommodating multiple evolving and virtually unlimited Dev request for enterprise solutions create a quandary as software quality is a must, but so is business continuity.

Turning the Lights On – The Solution

Acknowledging the trend of Shadow IT is the first step toward reducing its impact proactively. Employees may inadvertently risk security and compliance even by using technologies such as BYOD devices allowed at the office. It is not malicious, it is their job, and aligns with the DevOps results focus. From the Devs perspective, creating reasonable means to standardize the process of rapid approval and availability of the required tooling is crucial to address the issue of shadow IT.

IT should look at Shadow IT as a roadmap, not an enemy

To create the balance IT needs to be a facilitator to developers, and focus on being a service provider, not a police.  In some organizations this is called Shared Services. A branch of IT that provides a library of tools to developers.  They are responsible for vetting tools quickly, and adding them to the library, ideally before the need arises.

Creating libraries with an array of tools and establishing open channels where Devs can request the tools they need can streamline the approval process. To ensure effectiveness of these initiatives, IT executives and financial decision makers will have to devise a roadmap that enables flexibility to deploy additional tools without compromising security, compliance and performance of end-products.

Stronger communication between Devs and IT departments is also required to ensure everyone is upfront about tooling requirements for each project, as well as the risks inherent with the requested tools. And socializing the risks associated shadow IT practices, such as potential risks of sharing sensitive business information via cloud-based apps, and vulnerable to security attacks will encourage Devs to remain cautious while following the organization’s approval channels and systems in place to provide the necessary solutions. After All a serious outage or security exploit will fall on developers hard should it happen. So it really is in their best interest to mitigate this.

Shadow IT is not an enemy. It is an indication of how fast the team is moving, and the flow to positive results and faster software delivery. But it should be protected under a shell of IT who wants to support the new tooling, and finds a way to be a service provider of it. There will be hiccups and occasional bottlenecks, but done correctly they will not drastically impact developers ability to ship code.

Filed Under: Blogs, Enterprise DevOps Tagged With: infrastructure, operations, Shadow IT

Sponsored Content
Featured eBook
The State of the CI/CD/ARA Market: Convergence

The State of the CI/CD/ARA Market: Convergence

The entire CI/CD/ARA market has been in flux almost since its inception. No sooner did we find a solution to a given problem than a better idea came along. The level of change has been intensified by increasing use, which has driven changes to underlying tools. Changes in infrastructure, such ... Read More
« Adopt DevOps Practices Organically, But Don’t “DO DevOps” (or is DevOps bullshit?)
Financial Sector Leading the Way with CD for the database »

TechStrong TV – Live

Click full-screen to enable volume control
Watch latest episodes and shows

Upcoming Webinars

Accelerating Continuous Security With Value Stream Management
Monday, May 23, 2022 - 11:00 am EDT
The Complete Guide to Open Source Licenses 2022
Monday, May 23, 2022 - 3:00 pm EDT
Building a Successful Open Source Program Office
Tuesday, May 24, 2022 - 11:00 am EDT

Latest from DevOps.com

DevSecOps Deluge: Choosing the Right Tools
May 20, 2022 | Gary Robinson
Managing Hardcoded Secrets to Shrink Your Attack Surface 
May 20, 2022 | John Morton
DevOps Institute Releases Upskilling IT 2022 Report 
May 18, 2022 | Natan Solomon
Creating Automated GitHub Bots in Go
May 18, 2022 | Sebastian Spaink
Is Your Future in SaaS? Yes, Except …
May 18, 2022 | Don Macvittie

Get The Top Stories of the Week

  • View DevOps.com Privacy Policy
  • This field is for validation purposes and should be left unchanged.

Download Free eBook

Hybrid Cloud Security 101
New call-to-action

Most Read on DevOps.com

Why Over-Permissive CI/CD Pipelines are an Unnecessary Evil
May 16, 2022 | Vladi Sandler
Apple Allows 50% Fee Rise | @ElonMusk Fans: 70% Fake | Micro...
May 17, 2022 | Richi Jennings
DevOps Institute Releases Upskilling IT 2022 Report 
May 18, 2022 | Natan Solomon
Making DevOps Smoother
May 17, 2022 | Gaurav Belani
Creating Automated GitHub Bots in Go
May 18, 2022 | Sebastian Spaink

On-Demand Webinars

DevOps.com Webinar ReplaysDevOps.com Webinar Replays
  • Home
  • About DevOps.com
  • Meet our Authors
  • Write for DevOps.com
  • Media Kit
  • Sponsor Info
  • Copyright
  • TOS
  • Privacy Policy

Powered by Techstrong Group, Inc.

© 2022 ·Techstrong Group, Inc.All rights reserved.