Shadow IT and the Fragmentation of Company Knowledge

Shadow IT and the Fragmentation of Company Knowledge image shadow it4One of the side-effects of the proliferation of new communication services is that IT departments are struggling to control which services are used, and where corporate data is stored.

The growth of “bring your own device” (BYOD) has been widely reported – employees using their own phones, tablets and other computing devices for business purposes. IT departments have now become increasingly well equipped to handle this trend, reap the benefits it offers and mitigate the risks. But the emergence of “bring your own application” (BYOA) is less well understood, and typically harder for IT departments to manage.

The BYOA trend has emerged due to web services offering business applications with consumer levels of simplicity and usability, often with a freemium model that enables employees to start using them without any company expenditure. It’s hardly surprising that knowledge workers have embraced sleek, free productivity tools in preference to creaking old enterprise systems.

The introduction of unapproved software into the company is sometimes described as Shadow IT, and it has consequences that are not immediately apparent to the user. Most of these services store data on the provider’s servers, which has implications for the company’s data security, discoverability and accountability.

BYOA can also lead to the fragmentation of the company’s collective knowledge across a wide range of disparate services. It may initially seem very appealing to a group of employees to start using a new tool to improve communications in their team. But suppose another department picks a different, competing tool. And employees in another region pick yet another tool, perhaps one in a different language. The result is that discussions are scattered across a range of incompatible services. There may have been short-term productivity gains, but trying to go back months or years later and retrieve those discussions can be increasingly difficult.

Recommended for YouWebcast: The Art of Growth Hacking: Gaining Early Traction by Doing Things that Don't Scale

The problem wouldn’t be so bad if these new services were complete solutions, but they typically are not. They are usually specialist solutions with a relatively limited feature set, as they are usually designed to complement existing services rather than replace them. To put together a full collaboration suite often means using separate services for messaging, file sharing, task management, social networking, voice calls and video conferencing.

This “pick and mix” method of selecting services is often referred to as a “best of breed” approach. The attraction of such an approach is clear – choose the best of everything. But it is somewhat superficial and unrealistic, because it overlooks the inherent incompatibilities that such a wide range of services suffer from. It is all very well emailing a group of people using system A to assign them a task in system B to review a document shared in system C, but the differences in access control models and information architectures of A, B and C inevitably lead to “I can’t see the document” and “I can’t log in to B” types of problems. And how do you reply? By email in A? As a comment in B or C? And given that it could be any of these, how do you search for a comment that you previously read and need to find again?

So although they are perhaps less fashionable, integrated suites give a more consistent user experience, and offer greater protection of a company’s collective knowledge. Access control models are consistent across messages, files and tasks and search can find content of any type. Equally importantly, it makes it easier for IT to assess the risk of trusting corporate knowledge to such systems.

But that is not to say that IT should be the sole arbiters of which new technologies can be introduced into an organisation. Employees outside IT departments are now far more technically-literate than they were 10 years ago, and often are better placed to identify emerging services that can improve business efficiency. An enlightened, 21st century IT department should embrace this rising technical competency, and make the process of adopting new services as transparent and flexible as possible by defining clear policies on the criteria for use of new services including the technical and legal requirements.

BYOA brings a flood of new services and opportunities. Ignoring it will leave a company drowning in a mess of fragmented information services; trying to prevent it will inevitably fail as the pressure to change becomes too great. Instead, IT departments and business users need a new contract in place to allow new services to be adopted in a safe, consistent way that both improves business efficiency and protects corporate data.

This is part 11 of The Business Communication Revolution, a 15-part series on improving the efficiency of communication in business. You can follow the series on this blog, or at communication-revolution.biz

Discuss This Article

Comments: 1

  • Ava Cristi says:

    They say there are dangers to the BYOD approach—Android phones are mostly vulnerable to cyber attacks if it’s not handled well by the user under the company premises. I’m not sure what this has to say towards BYOA. In a larger overview it does improve productivity as employees find ways to find best methods when working, on the other hand it can open floodgates, create loopholes into the security system.

Add a New Comment

Thank you for adding to the conversation!

Our comments are moderated. Your comment may not appear immediately.