Shadow IT is "positive deviance", says professor

Unlike BYOD, employees using 'unapproved' cloud services is an example of beneficial rule breaking, says Imperial's Professor Nelson Philips

Related topics
Cloud

Related articles

Is SaaS a threat to CIO control?
Is SaaS a threat to CIO control?
Accenture's "cloud broker" bid

Share article

Short of time?

Print this pageEmail article

Employees using public cloud services for work without going through IT is an example of "positive deviance" – breaking the rules in a beneficial manner, Professor Nelson Philips of Imperial College Business School said yesterday.

"They are breaking in the rules, but not for selfish reasons," Philips said. "They are doing to it because they want to collaborate more effectively, or respond to customers more quickly."

He contrasted so-called "shadow IT" with bring your own device (BYOD), which Philips says employees often demand for the selfish reason of wanting to use their favourite brand of smartphone. 

Philips made the remarks following the publication of a survey of 1,500 IT decision makers and 3,000 office workers by content marketing agency Vanson Bourne, paid for by VMware. 

It found that 72% of IT decision makers 'suspect' that "off-radar" cloud usage is beneficial. Just over half (53%) said it allows employees to find a solution faster than IT can provide, while 38% says it allow the business to be more responsive to customer needs. 

Of the office workers surveyed, 42% would use "unapproved" cloud services to get a job done, and 36% already have done. 

Philips, who studies organisation change and technology adoption, says that rather than seeking to ban "shadow IT" outright, CIOs should take a view on what public cloud services are acceptable for employee use. 

"You need to decide when this doesn't matter," he said. "You have to ask yourself, why not just let them do it?"

The legitimate reasons for curtailing "shadow IT" are security and cost-control, Philips argues. But, he added, CIOs should not necessarily assume there own systems are any more secure that cloud offerings.