Feature The concept of "shadow IT" is a familiar one. One of my favourite descriptions of it comes from security vendor Forcepoint, which says shadow IT is "the use of information technology systems, devices, software, applications, and services without explicit IT department approval."
The majority of organisations — particularly the IT and security teams — are conscious of the potential threats from shadow IT and are on the lookout for it so it can be stamped on. Yet many such organisations are, in parallel, running activities whose outcomes can present just as big a problem as shadow IT.
Let us take a real-life example. An innovative company devised a novel new concept — in this case an internet-facing service that interfaced to various core systems at the back end. The architecture called for ten or so servers — load balancers, web-facing servers and back-end servers, all doubled up in the interests of resilience. There was no particular reliance on a specific platform or application — that is, there was no compulsion to run a Windows infrastructure because there was no reliance on (say) SQL Server or Active Directory, and there was nothing special about the virtual server infrastructure, hence the designers could be operating system agnostic.
A few weeks later, the tech was running wonderfully on one of the popular Linux distributions. It worked well, it performed wonderfully, and customer take-up was good.