Why you need to adopt Shadow IT
This article discusses what Shadow IT is, why it exists, why it’s only getting bigger and what can be done about it.
What is it?
Shadow IT is an IT solution implemented by a Business Unit in isolation from its IT Department. With the consumerism of IT and cloud computing, the meaning now includes personal technology that employees use at work or cloud services that meet the unique needs of a particular business division and is supported by a third-party service provider or in-house group instead of by corporate IT.
Shadow IT is usually made up of islands of automation, often built on shabby foundations with IT called in to fix things when they go wrong. A classic example of this is business applications built on large numbers of spreadsheets, simple databases, or cheap, poorly supported applications because the business need was so great it could not wait for an IT solution. A failure to meet user demands results in the growth of unauthorised, parallel Shadow IT, where users adapt unauthorized tools for corporate and personal tasks.
Why is it viewed as a Problem?
Because it operates outside of the corporate IT Architecture (introducing unsupported products and standards) that causes a myriad of support and integration problems for IT. The usual problems are:
1. Is usually not subject to appropriate Due Diligence (introducing poor contracts and support agreements and often costs too much).
2. Introduces Support personnel who do not subscribe to IT’s formal development standards.
3. Introduces Security risks when unsupported hardware and software are not subject to the same security measures that are applied to supported technologies.
4. Can negatively affect the user experience of other employees by impacting bandwidth and creating situations in which network or software application protocols conflict.
5. Shadow IT can also become a compliance concern when, for example, an employee stores corporate data in their personal Dropbox account.
6. IT administrators fear that end users will create data silos and prevent information from flowing freely throughout the organization.
7. Use of unlicensed software and applications creates opportunities for corporate information to fall into the wrong hands.
8. It can lead to networks being compromised and threaten an organisation's entire security infrastructure.
How is it Managed?
The Business Unit manages the supplier and the system until they strike problems such as broader systems integration, interfaces, database incompatibilities, non-standard UI and UX design features and finally, ongoing support and development. The Business Unit then expects IT to take over management of the solution, and IT has no or little choice.
Why do Business Units do it?
It needs to be said that the if you were the head of a Business Unit who receives your IT from a common central IT Department, then these reasons make a whole lot of sense. Shadow IT has been happening by stealth for 30+ years and it continues to survive because:
1. IT literacy has grown enormously among employees and is almost ubiquitous for those under the age of 30.
2. IT departments fail to keep pace with employees' technology demands and the consumerisation of IT.
3. IT takes too long to deliver a solution and when it does it is often not fit for purpose and has cost too much.
4. Business Units have nearly always been more successful than IT in specifying and interpreting their IT requirements to solve business problems.
5. A segregated IT with its processes for managing business requests has always been seen as a roadblock that reduces the agility, speed, and flexibility customers demand.
6. IT employs technical staff who do not have business training or understanding. This lengthens the Applications Development timeframes and is the primary reason for mismatched Business expectations.
7. Low customer satisfaction levels: - The biggest problem with low customer satisfaction levels is that users lose faith in IT’s ability to provide quality solutions to fix problems promptly, causing in some cases, the users to stop reporting problems altogether. This encourages users to try to find their own IT solutions (shadow IT) and fix their problems. The problems with low business unit staff satisfaction levels are reduced personal accountability for work, higher than normal incidences of wilful blindness and increased staff turnover with associated loss of Business memory.
8. Continued lack of business focus: - The most common complaint about IT and a major source of stress is that IT is not business focussed or business-friendly. There are two causes of this: 1, most IT staff simply do not have business training, business experience or knowledge and are therefore largely incapable of appreciating what the business does or its priorities. They also fail to understand that IT does not pay their salaries; the business does, and they also fail to appreciate that IT is a business service and support function, that it does not generate corporate revenues; rather, it is a business cost. 2, IT does not recognize that business needs are always priority one and IT needs are priority two. This is a key lesson that many IT managers and their staff need to learn.
9. Lack of business trust and partnership: - IT often complains that the business does not follow IT process or deliver what’s been agreed and that the business constantly expects unplanned work to be delivered in short, unrealistic timeframes. On the other side of the coin, the business does not trust that IT will deliver as promised, often able to cite a litany of letdowns. The real issue is that IT is not part of the business planning process. (IT thinks it should be the other way around.)
10. Business drive: - CIOs are not acting or leading as business leaders. Too often, they remain IT-focused. CIOs need to come up with visionary plans and goals that can make an organisation thrive. While remaining focused on technology is still a necessity of the job, CIOs are now being challenged to use IT strategies and solutions to drive business innovation and transformation. Strategic business is now an essential part of the CIO role, and to be successful, a CIO needs to embrace it without hesitation. IT has become influential and proactive in the workplace due to smart CIOs presenting a business plan of how tech can help organisations do better than their competitors.
In other words, Business Units do it to stay in business.
What is IT doing?
CIOs are currently reacting in one of two ways: either cracking down on web use permissions and imposing blanket bans on using such resources in the workplace or ignoring the issue and hoping the problem will go away.
Instead, CIOs should look to adapt to shadow IT by working to successfully manage the introduction of responsibilities and ownership of role-based activities around content versus enterprise-based procedures around data.
What is a solution for Shadow IT?
One solution that I have used many times is High-Performance Hybrid IT. The Hybrid IT model, underpinned with Cloud computing, recognises and incorporates Business Unit Shadow IT allowing business units to act independently within a common Business Unit/IT Framework based on Cloud services.
Shadow IT unfailingly does what the business unit wants; the business doesn’t have to wait for an IT governance process to give green light; it simply gets what it needs now. The High-Performance Hybrid IT model views these free business sources as ‘outsourced application teams’ - that have great business analysts that present great opportunities. High-Performance Hybrid IT manages these business teams by extending the IT Architecture over them, providing support and guidance to the Shadow IT developers. In this way Hybrid, IT recognises that Shadow IT is here to stay and incorporates it into a new IT Management model, namely Hybrid IT. With Cloud computing comes the opportunity to formalise Shadow IT, which is what the Hybrid IT Model does.
Hybrid IT - Organization
Hybrid IT splits IT into two parts, 1. IT Shared Services, and 2. Decentralized Business Unit IT Services with the latter controlled by a common Business Unit/IT Framework.
1. IT Shared Services
Centralized services are those services that are shared by all Business Units. Under Hybrid IT, these services remain centralized and are managed in accordance with the High-Performance IT Performance and Productivity model. These services are:
1. Security.
2. Service Desk:
a. In-House, or
b. Managed Services Provider.
3. Architecture:
a. Technology.
b. Technical.
c. Data.
d. Standards.
e. Hardware/Software Catalogue.
4. Business Unit IT support:
a. Project Management Process.
b. Applications Development Methodologies.
c. Intranet Administration.
d. Process.
e. Business Unit IT Training.
5. Data Centre:
a. In-House, or
b. Managed Cloud Services.
This model has some significant benefits.
1. The model is based upon the High-Performance IT organizational structure where the CIO employs either a High-Performance or Transformational leadership style.
2. The IT Teams are High-Performance teams.
3. The model recognises that the business is better positioned to specify and build Applications. Added to this, the business can do its own hardware installs – both these activities are controlled by an overarching IT Architecture.
4. The model is all about performance and productivity excellence, placing customers’ needs first, IT staff needs second and technology third.
5. It provides the IT executive with a departmental macro view of performance, allowing IT managers to share productivity outcomes, failures, and successes.
6. Staff and customer satisfaction levels are considerably higher.
2. Decentralized Business Unit IT - Management and Organization
Business Unit management is typically based on the Traditional Management model with Traditional team structures in place. The Business Unit IT Team can be managed as either a Traditional or a High-Performance Team.
Business Unit IT Framework - Services
1. Hardware/Software purchase and installation. (Common Hardware/Software Catalogue)
2. Applications Development. (Common Build, Support, Libraries, Toolkits)
3. Intranet Publication. (Process, How to Guidelines, Documentation)
This model has some significant benefits
· It recognises that the business is in a better position to specify and build Applications. Added to this, the business can do its own hardware installs – both these activities are controlled by an overarching IT Architecture.
· Staff and customer satisfaction levels are considerably higher.
· It facilitates companies that want to move toward distributed networks of tech expertise and knowledge throughout their organizations.
Hybrid IT Promotes business Trust and Partnership
High-Performance Hybrid IT embeds an IT person into the business planning process (yes – Mohammed goes to the mountain) so that business intentions and requirements are known about early. Under High-Performance Hybrid IT this person is called a Business Liaison Officer – an IT middle or senior manager that joins business planning meetings as an observer and all going well as a contributor. Sold the right way, most business units see the sense in this.
High-Performance Hybrid IT manages the business relationship as a joint venture. It recognises that delivering faster results is held back by the need for arm’s-length formality, where IT “negotiates” service-level agreements while requiring its business “customers” to “sign off on requirements and specifications,” as against informal conversations that start with, “What are you trying to accomplish and how can we help you?”
At one time I called the formal approach “best practice.” but not anymore. IT is better placed and better served by getting into bed with the business and fostering strong informal and formal relationships, with the objective of avoiding the need to negotiate everything. Why? Because firstly the customer is always right and secondly negotiation is for people sitting on opposite sides of the table. If IT talks to the business as a partner and is aware of business needs early enough, then there is plenty of room for compromise and mutually beneficial outcomes.