A marketing executive walked into her organization’s IT group and told the first person she saw that she needed help. All she wanted, she said, was to export her WordPress site’s subscriber data into an Excel spreadsheet. Simple.
That task wasn’t simple at all, not with the scripts someone in her business unit had his young son install. The IT group’s manager tells the story and adds in a surprising burst, “I hate shadow IT!”
Business units resort to shadow IT when their organization’s central IT department says there’s no budget, no time, and, frankly, no interest. “Wait,” says IT.
But these desperate units can’t wait—they’ve got businesses to run. So semi-skilled techs within the group do what they can, which is plenty, thanks to the wave of ever easier-to-use solutions.
That might be fine, except for the inevitable disruption, such as the marketing executive’s WordPress site. Even worse, it exposes entire organizations to ransomware’s hot breath.
What could possibly resolve this dilemma?
A slew of academic research has pondered shadow IT, and most researchers seem to come out of the “I hate shadow IT!” corner. Judging from their tone, they view shadow IT systems like a basement nest of rats. Solutions amount to IT’s equivalents of poison, traps, and predators.
A friendlier tone came from a recent Gartner Inc. webinar, “CIO Strategy: Manage the Opportunities & Risks of Democratized Business-Led IT.” One slide read, “CIOs can no longer ‘own’ the entire organizational technology estate.” Correct. “And there is danger should they try to!” Agreed. “Half of business unit leaders with technical capacity think they have a better understanding of requirements they need than the IT organization.” Probably so, and perhaps for good reason.
One 30-year veteran of data management consulting comes out from shadow IT’s corner swinging hard. “How can you be angry at shadow IT?” said Evan Levy, partner with IntegralData, and more recently of SAS Analytics. For more than 30 years, he’s been one of the IT industry’s most sought-after data management consultants.
“You can be angry at people breaking certain types of data guidelines,” he said, “but that’s probably because you haven’t invested in governance. You haven’t invested in frameworks for people to be more self-sufficient.”
The crux of the problem, he said, is that IT departments have often failed to create new business models that respond to evolving needs. IT is usually so focused on the old model that it’s not supporting the business.
Business units are justified in telling IT, “I’ve got a business responsibility to address. I’m not here to conform to your standards. You need to conform to mine!”
In Levy’s view, IT has always been in the role of putting itself out of business. Its original mandate, he said, was to reduce costs by automating business processes. It succeeded. But in the decades since, things evolved away from mass automation and into custom business process enablement. So, while IT still runs the big automation systems, newer technology and the business needs it serves have outrun IT.
Central IT isn’t even structured to serve those newer needs, he said. It’s typically managed by budgets, not customer initiatives.
“IT opened up Pandora’s box when they couldn’t respond to the needs that users had,” Evan explained. They can’t do a one-off report or load a one-off data source for a one-off user.
One particular peril of the shadow IT vs. central IT struggle is the rising chance of weakened security. Business unit techs are often naive about it. The IT department is, of course, shocked. But sometimes even IT departments themselves fail.
The On-Call Consultancy
At least one veteran consultant who straddles the shadows and central IT’s bright lights finds that both sides in many organizations need improvement.
Dan Murray, director of strategic innovation at tech consultancy InterWorks, said that old-school thinking is still pervasive. The IT group, especially in midsize organizations, may have three people, and they’re all the kinds of guys who could fix the printer 10 years ago. “You’ve got to stay up with tech. It moves.”
Even worse, some central IT departments fail to appreciate security’s urgency. Among the common myths he hears is that the company is too small to be a target.
“You think you’re a small backwater?” said Murray. “You’re the ideal target. If I was in that business, I’d be going after you first because you’d be easy pickings, and you’d probably pay. And we’d be sensitive to how much you could afford.”
If central IT is close to outliving its era, and business units increasingly find themselves forced to serve themselves, the happy resolution points away from any central IT group and away from shadow IT. Instead, IT requirements might be met best by a group of consultants who can help as needed.
The IT manager who “hates shadow IT” and the marketing executive with the WordPress site are far from unique. Everyone seems to hate shadow IT. But each side hates it for different reasons. Without it, business units resort to do-it-yourself solutions outside of their expertise.
With it, central IT has a harder time producing one-size-fits-all solutions.
The best scenario is a transformation of IT into a service bureau. Another solid option is to hire an agency, similar to what Murray describes. Whichever way a company decides to go, the key is to shine the light on all shadow IT in your organization, and remove every trace of it.