My previous blog looked at the ways in which Shadow IT (where Business procures technology services without the direct involvement of the central IT department) can enhance innovation and customer engagement.
Shadow IT is a problem IT has created for itself!
But the concept of Shadow IT – and the idea of circumventing IT governance processes – draws harsh criticism from some quarters. In this post, I’ll attempt to address the main arguments against Shadow IT:
Overcoming “legacy governance”
Business managers who directly buy IT services from vendors may draw the ire of Group IT – who complain that by flaunting governance processes they’re putting the organisation at risk.
Layers of governance have often been built up over decades, and many of the processes and rules belong to the yesteryear of IT portfolio management. We could almost refer to this as ‘legacy governance’.
Business leaders and executives should move the organisation towards a more modern approach: fit-for-purpose and pragmatic governance frameworks, which don’t sacrifice agility or speed to market.
By shifting away from a dogmatic reliance on outdated approaches, and thinking contextually, it becomes possible to embrace Shadow IT without incurring unnecessary risk.
Ask your CIO the difficult questions… How much business value the reams of red tape are actually bringing? Are they exacerbating the silo mentality and discouraging service integration and delivery on customer terms. Taking a service oriented approach to governance will force the service contributors to agree on their respective obligations and focus on the end customer.
IT security vs data management
It’s a complete fallacy to believe that hosted services from established Cloud providers will be any less secure than on-premise corporate infrastructure.
Due to the very nature of Cloud Computing, these service providers place security as the absolute highest priority, and pour substantial investments into this area. Their entire existence is dependent on watertight security. It’s time to evolve the conversation from basic IT system security, to the management and control of data.
Throughout the organisation, it’s every leader’s job to understand and mitigate data risks. Every business area should have a firm grip on how they will manage the lifecycle of their data – including storage, access, backup and retirement. More importantly, they should focus on continuity of operations and often (when all the risks are carefully considered) this is less risky in the cloud.
The ‘Time versus Value’ debate
Opponents of Shadow IT often lean on the argument that it causes duplication of effort, wasted resources, and an unravelling of centrally-consolidated IT vendor relationships.
However, if Group IT’s procurement processes are too narrow-minded, and take too long, then the Business is unable to adopt the latest technology, gain first-mover advantages, and provide exceptional customer experiences.
The nett effect is that these losses will often outweigh any gains that may have been derived from centralising supplier agreements. In the worst scenario, one’s market share is decimated by faster-moving competitors who are free to use the latest and greatest technology advancements.
Integration challenges.. take the politics out of play
In many cases, Shadow IT needs to be integrated into core enterprise systems (the keys to which are held with Group IT). As one can imagine, this can cause a standoff – with IT unwilling to work on any integration efforts.
This can be dealt with at senior levels in the organisation by appealing to the business imperatives, and taking personal politics out of play. By turning this into a business decision rather than a political issue, the company can start benefitting from Shadow IT. Group IT need to expose the business services required for innovation for consumption by other related micro services that support innovation.
Ensuring Business Continuity
As Shadow IT takes effect, and more SAAS-based solutions are deployed throughout the organisation, many fear that Business Continuity Management will be brought into jeopardy.
This can be addressed by thoroughly understanding the relationship of any particular SAAS, or micro-service, within the broader enterprise architecture. Get to know how your micro-service fits within the total value chain. On what systems is it dependent? And what systems are dependent on it? What are the risks, really?
As the concept matures, it’s time to recast Shadow IT. With better understanding from all parties, it can shed the persona of being rebellious and disruptive, and become a crucial aspect of an organisation’s IT portfolio, particularly as cloud and platform as a service offerings become increasingly robust and extensible into corporate environments.