With Marketing, it is agility. Hopefully by now, most IT departments have implemented a Change Management (CM) program. CM provides the stability an IT department requires to ensure constant operations; however, by its nature, a CM program impacts the department’s ability to react as quickly as other departments would want, like Marketing. The requests from Marketing are usually around new applications or making significant changes to existing software. Simply look at the explosion of the use of Social Media. Implementing APIs for Facebook, Twitter, Pinterest and the myriad other applications that keep emerging is taxing on the IT staff from the perspective of compliance with applicable policies. It challenges the CC process in testing, verification, rollback and every other step to ensure that a specific program does not negatively affect the firm desktop PC image. Like Finance, however, Marketing can’t wait for IT to vet applications one at a time. In their field, they need to keep pace with the competition in order to maintain a competitive edge. So, rather than argue with the IT department, Marketing will find their own system administrators, web programmers, application developers, etc. Now there is no need to check with IT for changes, as they make them on their own. But when things go wrong, who do they call?
The key to dealing with a shadow IT group is not to challenge it or attempt to dismantle it, but to embrace it. Like Michael Corleone said “Keep your friends close and your enemies closer” (Okay, it was really Machiavelli, but who doesn’t love a “Godfather” reference). Of course, that doesn’t mean you should look at them as adversaries either. The key here is to accept that other departments have specific needs that the formal IT department will not be able to provide for one or more reasons under the PM trifecta be it time, money or resources. Instead of trying to control every aspect of your organization’s technology, accept it. More importantly, work with the other departments to establish ground rules for their techs. Just because Marketing as a SysAdmin doesn’t mean they will have domain admin rights; but they will need full rights to their servers. Similarly, Finance’s DBA doesn’t need access to the entire data warehouse; full SQL rights on their DB server will do just fine. This establishes IT in a support role, which may be hard for some IT teams, but then again, you weren’t supporting them in the first place (and isn’t that how we got here?). More importantly, those technicians do not fall under IT’s headcount. The projects the shadow groups work on? They don’t fall under IT’s budget. The operational upkeep, however, is likely to fall to your group, so working with them gets you in the game instead of standing on the sideline, watching.
Be careful, though. With these agreements and concessions comes the potential for a mentality swing in the opposite direction. It is easy for the IT to fall into the “well, if you are going to install it then you can support it” thought. Nothing could be further from the truth. Remember, you are IT. Anything that plugs in and turns on falls into your domain whether you like it or not. When Marketing’s webmaster hoses the webserver, they will be calling you to restore a former instance of the server. When Finance’s DBA deletes a table, guess who gets a call. Trying to stick by the “I told you so” stance will fall flat in a heartbeat. Remember, IT is a department in the business, not the other way around.
 
