Why does shadow IT still exist?

Shadow IT?  What is that?  How long has IT even been around?

According to wikipedia, it was the late 70’s and early 80’s.  So why is it that businesses are just starting to realize the value of a good IT team?  Or, perhaps, it’s just the opposite.  Why is it that IT is now being bypassed because they aren’t quick enough to produce the results that the business needs to stay competitive?

Business leaders attend conferences and hear of cool new products and want to implement them immediately.  They bring the idea to IT and IT tells them (typically) that it will take 5 years and 10 million dollars to accomplish that.  Yet, the business calls the vendor and they can have the product configured and provisioned in the cloud in a week for a very affordable cost.  So, what does all this mean for IT and the security of our customers data?

IT has to change.  We have to be quicker to respond to the business and cut down on the red tape in our projects.  We also have to compare our services to the cloud.  If we are offering the same services that can be purchased quicker and cheaper in the cloud, and still offer the same or higher level of security, then what is keeping us from using those?  Depending on the size of the company, it may not be feasible to pay the salary of an experienced exchange administrator when Office 365 or Google Apps offers the same or more functionality.  Of course, there is the valid concern of down time and not being able to control outages.  It’s all a give and take.  However, the bottom line is IT must stop saying no.

To be valued by the business, we must offer to attend all key business strategy meetings and offer up ideas on how we can compliment the business roadmap.  To be fair, the business also has to help.  They have to include IT in their decision making and help offer the budget and resources so that we can be successful in executing these projects in a quick and efficient manner.

We are all on the same team and have the same goal.  It pains me to hear of organizations where IT or Information Security are always seen as the roadblock.  This is one of the reasons I believe we are having so many data breaches.  The Info Sec team can’t protect what it can’t see or doesn’t know about.  What are your thoughts?  How does your IT team interface with the business?