Shadow IT: What it means for disaster recovery

Every now and then, the IT world gives rise to a trend that disrupts convention and rewrites the rule book across the entire digital landscape. Perhaps the most significant disrupter to recently sweep this arena is shadow IT, a movement in which departments and business teams are purchasing their own tech solutions without the consultation or authorization of internal IT operations. As one might imagine, these developments have dangerous implications for the health of an organization's infrastructure, particularly in regard to the creation and maintenance of an effective disaster recovery strategy.

Unstable IT foundations
Just how serious is the shadow IT phenomenon, and what are the risks that expand with its growth? Data security and control are the top concerns for decision-makers who have become increasingly wary of an evolving threat matrix, as applications procured outside the tech department tend to lack the defensive measures necessary for the protection of information in transit. Furthermore, the fragmented nature of shadow IT has destabilized corporate structures built to ensure a system of secure, cost-effective resource procurement, sending ripples of uncertainty throughout the boardroom and beyond.

Aside from these widely acknowledged pain points, decision-makers must recognize the negative impact that shadow IT can have on an organization's disaster recovery planning and execution. With 76 percent of organizations reporting some form of shadow IT, according to BT, it's important that business leaders take a 360-degree view of risk factors, including DR. Here are a few areas in which an expanding footprint of unsanctioned applications and computing resources can hamper a company's ability to restore its digital assets in case of an emergency:

  1. Unseen data and apps: How can a recovery strategy possibly achieve its goals if administrators don't know what resources are being used by employees across the enterprise? This is the fundamental conflict existing between DR and shadow IT, and should serve as a primary motivator for decision-makers to snuff out the unsanctioned applications hiding in the dark corners of their infrastructures. BT pointed out that shadow resources account for around 25 percent of an average organization's budget, bringing greater urgency to the situation by ramping up the financial stakes of lost applications and databases.
  2. Fragmented restoration: Even if an IT department is able to track down all the disparate components that make up its shadow footprint, the restorative processes necessary to bring these systems back online in a crisis scenario are highly demanding, unreliable and inefficient. Tech teams should be able to restore data and applications in a unified manner, with the assurance of recovery point and time objectives that offer certainty in unpredictable times. Furthermore, there is no possibility of SLA-defined support for technologies that aren't easily identified or necessarily compatible. When resources are strewn about the network, recovery takes on an additional – and heavy – layer of risk.
  3. Disconnected action plans: Decision-makers must remember that although disaster recovery is only one aspect of an organization's business continuity strategy, data and applications are vital to the productivity and performance of the modern workforce. That means that shadow IT, if left unaddressed, can cause an entire continuity action plan to crumble, regardless of the precision with which employees are instructed or trained for a crisis situation. Business leaders must acknowledge the big picture when confronting their shadow IT problems and consider how their continuity strategies may be affected on a larger scale.  

Communicate to innovate
As decision-makers develop strategies to eliminate shadow IT for the sake of their security, budgets and disaster recovery plans, they must remember that a creative and collaborative mindset is critical to solving such sensitive internal issues. For instance, CIOs should consider branching out across departments to uncover the hidden practices taking place within each segment, then framing the solution in a way that synchronizes the interests of individual teams with the risk-averse goals of the organization at large. 

"CIOs are perfectly placed to nurture creative uses of technology throughout their organizations while keeping a strategic view," said Luis Alvarez, chief executive officer at BT Global Services."I've been a CIO and to me it feels as if we're on the verge of a renaissance of the profession with greater opportunities than ever before.

An article from CIO recently pointed to IDC research revealing that 54 percent of business leaders viewed the IT department as an obstacle to their goals rather than a helpful asset in reaching their objectives. As these decision-makers craft their disaster recovery plans in the new year, they must ensure that these internal rifts don't threaten the cohesive and collaborative methods that must be employed for success in this critical arena. The lessons of shadow IT should serve as a reminder for the ongoing development of business continuity from a healthy and holistic point of view.