Shadow IT Assessment Workshop (Full - 4 consulting days, 3 days onsite)

Objectives

• Understand what contributes to loss in investment and lost opportunity.
• Set a shadow IT strategy for the organization.
• Understand key future-state metrics and establish structured governance for periodic tracking.

Unit 1 - Introduction to Shadow IT

• Quick overview of workshop objectives and agenda.
• Setting context and formulating problem statements.
• Definitions of shadow IT.
• Research model overview and key metrics.
• Categories of shadow IT and suggested solutions.
• Review of existing industry solutions and tools.

Unit 2 - Exercise

Participants formalize a specific problem statement based on workshop objectives and gain an understanding of various aspects of shadow IT. The exercise includes resolving a class example.

Introduction to Shadow IT

Shadow IT — the use of unmanaged IT assets within a business — creates organizational risk and operational friction. Today, IT and business leaders need impartial insights into the size, scope, and risk of shadow IT. Many are unaware of the extent of shadow IT in their organization, as business processes that overlap with IT functions are not always widely understood or documented.

A survey indicated that over half of business managers believed they could procure IT solutions from external providers, bypassing the IT department. This finding suggests that shadow IT is more prevalent than initially assumed. Notably, a recurring theme was the importance of creating enterprise APIs as a means of fostering innovation both internally and with partners and customers. Misaligned perceptions regarding the prevalence of shadow IT impact a business’s capacity to mitigate security risks, comply with regulatory mandates, and maximize IT resources. Leaders now recognize that dismissing shadow IT is not viable, as a motivated workforce will find ways to achieve their objectives, with or without IT support.

Importance of Shadow IT Assessment

Enterprises face a relentless influx of new solutions, upgrades, and integrations. IT departments cannot address every request. Business-led collaborations with technology vendors can lead to projects that do not adhere to corporate standards or risk management requirements. Issues such as data protection, compliance, licensing, and morale can arise from these collaborations. While each organization’s shadow IT is unique, a standardized assessment process can be initiated using a methodology for a comprehensive evaluation. This workshop introduces a systematic approach to assess, control, and disclose shadow IT, enabling organizations to address issues constructively and foster better IT-business relationships.

Planning and Preparation for the Workshop

Whether an organization aims to understand its shadow IT landscape or to establish a comprehensive program, gathering initial inputs is essential. An interactive workshop will collect a wide array of shadow IT instances across dimensions like risk, penalties, potential rewards, and business impact. This data will be used to create a Quality/Functional Deployment matrix, which helps define a targeted approach.

Complete pre-workshop setup tasks before the start time. The first phase involves developing training materials and a model to assess shadow IT instances. This is followed by constructing a matrix based on identified risks and objectives. Subject matter experts review and rank candidates to refine the assessment model further.

Conducting On-Site Assessments

Upon arrival, the sponsor reviews the interview schedule with the host to ensure alignment. Initial walk-through interviews with department managers provide insights into the department’s mission and current and future roles. These interviews identify additional departments and staff who may need to be involved in the assessment.

The sponsor then revises the schedule based on insights from secondary interviews, setting agendas that address the department’s main issues and concerns. During primary interviews, a focused understanding of how the department operates is achieved. Additional staff may be contacted at the sponsor’s discretion to ensure comprehensive coverage. Upon completing the interviews, the sponsor gathers feedback from department stakeholders to draft a written summary, which will aid in establishing assessment criteria.