Shadow IT or Emergent IT? Looking at Clouds from Both Sides.

I’ve looked at clouds from both sides now
From up and down, and still somehow
It’s cloud illusions I recall
I really don’t know clouds at all

— Joni Mitchell, Both Sides Now
Ms. Mitchell was on to something nearly fifty years ago when she wrote about the changeable nature of clouds. They can be what you want them to be—angel hair, ice cream castles, feather canyons—or they can rain and snow and cast shadows on your plans. You can look at the dark side of clouds and worry about the shadows and what you can’t see, or you can look at the cloud as a source of efficiency, collaboration and creative problem solving. Savvy organizations are embracing the latter, rejecting the former and wrongheaded notion of “shadow IT.”
For the enlightened, there is no such thing shadow IT. Such terminology is stifling, backward and more of a threat to the enterprise than the horde of vicious code that some fear conspires to bring down the network. Instead, let us think in terms of Emergent IT and of novel software applications that can meet specific needs in specific ways. Emergent IT is the freedom you and your employees have been looking for in an age of mobility.
We shouldn’t be surprised that there are still so many beating the drums of fear, uncertainty and doubt around adopting new tools and techniques, such as cloud applications. In 1967 the theory of the Diffusion of Innovators articulated a phenomenon that has existed for millennia, but it was Jeffrey Moore’s seminal book Crossing the Chasm in 1991that brought the idea into the mainstream. Chasm described the process by which technical innovations overcome the forces of tradition and conservative restraint to become essential, productive tools.
Handcuffed by the shadow IT mindset organizations become constrained within the boundaries of a rigid set of choices. As a result, employees will: be less productive than they might otherwise be; seek workarounds that ignore security protocols and allow them to use the tools they want; or grow discontented and leave for more progressive organization accommodating of their work styles and professional ambitions.
Liberated by Emergent IT, however, and employees will be empowered to make choices that result in greater productivity, efficiency and professional satisfaction. Yes, early adopters of Emergent IT will typically only constitute a small percentage of employees, but those pioneers may well find tools that become sanctioned applications used by a majority of employees in short order.
That is not to say that Emergent IT should not adhere to the same rigorous security standards and policies as all other technology in use by the enterprise. It should. But IT security in the cloud era must change whether or not you embracing Emergent IT fully or take a more conservative approach.
In an analysis of more than one million cloud applications users, Adallom’s 2014 Cloud Usage Risk Report found that activity within mainstream cloud applications resulted in an average of five percent of an organization’s private files being available via public links and shared with an average of 393 external domains. Furthermore, 37 percent of organizations found that they stored more cloud data in a single application——than in any cloud storage service.
Why? Mainstream cloud software services and applications that have been endorsed by the organization are regarded as inherently secure, encouraging behavior that is careless. As a result, we found that 29 percent of employees will share an average of 98 corporate files within these applications via their personal email accounts.
Having looked at clouds from both sides, now it’s time to emerge from out of their shadows. If you don’t, it’s likely because you really don’t know cloud at all.
Disclaimer: This article was written by a guest contributor in his/her personal capacity. The opinions expressed in this article are the author’s own and do not necessarily reflect those of the editorial staff at