It’s called “shadow IT” for a reason.
When users sidestep admins to use unauthorized cloud applications, IT is left in the dark. Admins lose control, security risks rise, and deprovisioning and provisioning processes are nonexistent. That’s why 43 percent of CIOs view shadow IT as a major threat to their organization, according to Forrester.
But employees have a job to do and they’ll do whatever it takes to work more efficiently, even without IT’s help. A 2015 Cisco study revealed a huge disconnect between IT staff and end users. On average, large enterprise IT departments believed their organizations ran 51 cloud services, when in fact, data analysis revealed the real average to be 730.
“To me, shadow IT is a warning bell,” says Tim Burke, BetterCloud’s Director of IT. “It means IT isn’t moving fast enough.”
By paying close attention to shadow IT, admins can identify which applications users want and need. Even with the obvious security risks, there’s no reason shadow IT can’t drive positive change within an organization.
How BetterCloud Brought Slack Out of the Shadows
For six months, Slack was shadow IT at BetterCloud. “I audited all third-party applications throughout our domain using BetterCloud and was able to identify pretty much everyone in [our Atlanta office] as an active user. That was an eye-opening moment for me.”
It was a legitimate security concern, he admits.
IT didn’t control Slack: there was no single sign on, no deprovisioning process. “If any security principles were being violated, we would have had to shut it down immediately and then just deal with the fallout.”
But the fallout never came.
After discovering no immediate security threat, Tim identified the users that first shadowed Slack to better understand their pain points.
Google Hangouts had always been the de facto communication tool; we still use it for video and meetings. But for text-based chat, Hangouts was limiting, says Tim. There are no persistent groups, no easy integrations, and no concept of mass communication like Slack has with its channels.
Slack addressed a real business need. It was an easy-to-integrate, text-based chat system that helped engineers and developers speed up release processes, reduce email clutter, and increase communication.
“Slack is a great chat platform, but it doesn’t hit its stride until you start piping in contextual information and feeding it to the right people,” says Tim.
Before the Slack rollout, it wasn’t unusual to see a single person get 2,000 automated emails in an hour. To combat this, shadow Slack users set up integrations for Salesforce, Zendesk, and other applications to feed alerts into Slack channels instead of inboxes. Code pushes, build and deploy information, and release form information were all delivered to Slack for everyone to see.
Still, Tim needed to sell the value of the application to the executives. Slack isn’t cheap, he says. “I needed to put together a better-wrapped case than, ‘Atlanta likes it.’”
Thankfully, the shadow Slack users within BetterCloud had already demonstrated the various use cases. Tim just needed to document them.
By the time he introduced Slack into the IT infrastructure, half the company was using it every day with powerful, built-in integrations. “It gave me all the ammunition I needed to really sell Slack to the executives. I was able to point to the shadow IT Slack account and say, ‘look at these usage stats.’”
The next step was to put everything together into a project charter, a one-page document containing requirements, timelines, milestones, stakeholders, and objections. “Really basic project planning stuff,” says Tim.
Stapled to the back of the one-page project charter were documented use cases.
There is one opportunity to make a first impression when selling an application to executives, says Tim, so the use-cases page needs to show the application’s true value.
And when it comes to purchasing the actual application, IT is providing real value. Almost every time, end users buy shadow IT for list price, not a negotiated deal. It’s a horrible way to waste money, says Tim. “Even if I do nothing else, if I can set [the shadowed application] up for single sign on, wrap security policies around it, negotiate 10% off, favorable cancellation terms, and a solid SLA with financial penalties, then I’ve added a lot of value.”
Don’t Underestimate the Power of Communication
“Your users have a right to know why any application, shadow IT or not, is being rolled out,” says Tim. What’s happening, when it’s happening, and why it’s happening are all important questions that need answering BEFORE a rollout. If you don’t do a good job explaining how an application will help your users, then you better prepare for a flurry of questions, says Tim.
To further cut down on confusion, Tim customized many of Slack’s help articles for BetterCloud. With shadow IT, no one has access to internal help articles, a factor that is vital to any rollout.
Pilot Before You Rollout
As the sole IT admin, Tim wanted feedback from new Slack users before the rollout. “I physically sit next to these people and I interact with them every single day, they generally end up being my guinea pigs.”
As a Slack user in his personal life, Tim needed the pilot group to help see what he took for granted and forgot to document–small things like how to make text bold or italics. “That’s the beauty of pilot groups,” he says. “You find the speed bumps right away.”
Make Sure the Cupboard Isn’t Bare
“The first time you’re rolling out an application and your end user logs in, it’s got to be good. It’s got to be really freaking good.” It’s a terrible user experience to log in to an application and find it empty and desolate.
Put yourself in your users’ shoes, says Tim:
You get an invite from IT to log in to Slack.
You don’t know what it is or why it’s useful.
The sign in process is difficult.
Nothing’s set up.
No one’s talking.
There are no help articles.
Why would that user ever use that application again? The value of an application needs to be immediately apparent.
Tim rolled out Slack to the Atlanta office on a Wednesday, then to the New York office on Friday. He left a day in between to give himself time to fix any potential onboarding issues before Slack went companywide.
During both rollout days, Tim set aside time for users to get on a Hangout or talk with him in person if they had issues or questions. He even enlisted the help of power users, instructing them to lead by example and offer encouragement to other users.
Maybe Shadow IT Isn’t All Bad
The benefits of shadow IT have emerged. Former shadow users now serve as product evangelists, usage stats gave Tim confidence in Slack’s adoption, and unauthorized custom-built integrations, which now run in the official Slack environment, became primary use cases for selling the application to executives.
“Despite taking the wrong approach, users are pretty good at choosing applications that solve business needs,” says Tim.
Now that Slack is officially under IT control, everyone at BetterCloud benefits, not just shadow users. Since officially onboarding Slack, there are no more problems with creating Hangouts and hoping to include all the right people, says Dane Dunagan, BetterCloud Security and Release Manager. “Everyone has access to the channels they need and can be explicitly called upon to join in with @ messaging.”
As for Tim, he takes satisfaction in knowing he took Slack out from the shadows and gave ALL his users a tool to make their lives easier. “If I did my job right, when people think of Slack, the first thing they should think of is effective, reliable, efficient communication. If they think anything else, then I didn’t do a good job rolling out the service.”