Don’t Be Afraid of Your Shadow IT

I had a conversation with a peer who is a Director of IT, recently, where the conversation turned to Shadow IT.  We discussed the challenges of an IT Department dealing with this group and their specific struggles with getting leadership to listen to them about the risks of having a rogue band running through the halls. For those not familiar with Shadow IT, it is the group of technology services and personnel outside the direct control of the Information Technology department.  Traditionally beginning with the Marketing department, it will usually leach into Finance before too long, among others.  For many senior IT leaders, it is the bane of their existence and a constant threat of a diminished role in the organization.  The reality is that Shadow IT is a necessity in many large organizations.  Most of my peers will have likely dropped their jaw at that comment, since the general consensus is to eradicate Shadow IT.  Unfortunately, its existence is nearly always due to a lack of customer service. 

 I have talked about the importance of customer service in the past. The manner in which technology is accepted is proportional to the manner in which that technology is delivered and supported.  So, how can we effectively measure the success or failure of our service?  A shadow technology presence is not an indication of the technology team’s efficiency or their capabilities.  A shadow team is an indication of how individual departments believe their needs are being met. 

 Most likely, other departments feel deprived of service in one of two categories, speed and agility.  As I noted earlier, the two departments most likely to build their own IT spinoff are Marketing and Finance.  In the case of Finance, the issue is likely speed.  Your DBA is tasked with so many projects and demand management is FIFO. When Finance comes asking for a customized report or needs a change to one of their applications, what is the response from the IT department? Usually, it is push back with the explanation that they are too busy working another project.  We all know IT departments are constantly being downsized and expected to do more with less.  The problem, however, is that business goes on.  The needs of the Finance department are real and directly impacts the success of the business as a whole.  With the demands that Finance faces (requests for improved and more current reports, simpler streamlined processes, executive requests for details on the financial strength of the company), they require immediate action.  It is easier for Finance to employ their own DBA or SQL guru to get the responsiveness they require than to fight it out with IT. 

With Marketing, it is agility.  Hopefully by now, most IT departments have implemented a Change Management (CM) program.  CM provides the stability an IT department requires to ensure constant operations; however, by its nature, a CM program impacts the department’s ability to react as quickly as other departments would want, like Marketing. The requests from Marketing are usually around new applications or making significant changes to existing software.  Simply look at the explosion of the use of Social Media.  Implementing APIs for Facebook, Twitter, Pinterest and the myriad other applications that keep emerging is taxing on the IT staff from the perspective of compliance with applicable policies.  It challenges the CC process in testing, verification, rollback and every other step to ensure that a specific program does not negatively affect the firm desktop PC image. Like Finance, however, Marketing can’t wait for IT to vet applications one at a time.  In their field, they need to keep pace with the competition in order to maintain a competitive edge.  So, rather than argue with the IT department, Marketing will find their own system administrators, web programmers, application developers, etc. Now there is no need to check with IT for changes, as they make them on their own.  But when things go wrong, who do they call?

The key to dealing with a shadow IT group is not to challenge it or attempt to dismantle it, but to embrace it.  Like Michael Corleone said “Keep your friends close and your enemies closer” (Okay, it was really Machiavelli, but who doesn’t love a “Godfather” reference).  Of course, that doesn’t mean you should look at them as adversaries either.  The key here is to accept that other departments have specific needs that the formal IT department will not be able to provide for one or more reasons under the PM trifecta be it time, money or resources.  Instead of trying to control every aspect of your organization’s technology, accept it.  More importantly, work with the other departments to establish ground rules for their techs.  Just because Marketing as a SysAdmin doesn’t mean they will have domain admin rights; but they will need full rights to their servers.  Similarly, Finance’s DBA doesn’t need access to the entire data warehouse; full SQL rights on their DB server will do just fine.  This establishes IT in a support role, which may be hard for some IT teams, but then again, you weren’t supporting them in the first place (and isn’t that how we got here?). More importantly, those technicians do not fall under IT’s headcount.  The projects the shadow groups work on? They don’t fall under IT’s budget.  The operational upkeep, however, is likely to fall to your group, so working with them gets you in the game instead of standing on the sideline, watching.  

Be careful, though. With these agreements and concessions comes the potential for a mentality swing in the opposite direction.  It is easy for the IT to fall into the “well, if you are going to install it then you can support it” thought.  Nothing could be further from the truth.  Remember, you are IT.  Anything that plugs in and turns on falls into your domain whether you like it or not. When Marketing’s webmaster hoses the webserver, they will be calling you to restore a former instance of the server.  When Finance’s DBA deletes a table, guess who gets a call.  Trying to stick by the “I told you so” stance will fall flat in a heartbeat.  Remember, IT is a department in the business, not the other way around. 

Research In Motion at a Cross Roads

Once upon a time there was a behemoth in the smartphone industry.  Research In Motion (RIM) and the Blackberry set the standard that all other devices and services were measured against.  In recent time, however, RIM’s market share has declined to a level that has made the blackberry nearly irrelevant to financial markets.  Recently, RIM reported its first loss in corporate history, which was surprising in that it was their first since the iPhone was released, and all indications point to a divestiture of RIM’s assets consisting of its Patents, Hardware, Software and their greatest holding, the immense private network used to interconnect every Blackberry device across 90 countries securely and reliably.  Unless they can shift their business model to and be accepted by a consumer market, the outlook appears inevitable.

How could a technology leader fall so quickly, in such a short time span?  The simple response is that RIM created their demise with their own technology and a lack of understanding the consumer.  With the initial deployment of the Blackberry product, centralized administration of technology was a building trend among IT personnel.  The Blackberry Exchange Server allowed for a single point of control with fine granularity from all users or to an individual device.   The ability to secure communications added to the interest in the Blackberry platform.  System administrators slept well at night knowing that their devices, and the data on them, were secure. 

Unfortunately, this focus on the administration of the device, while the key factor in its adoption, is the root cause of the failing long term sustainability of the platform.  By focusing on the Enterprise, RIM forsook the “consumerization” of their target demographic and the rise of the Bring Your Own Device (BYOD) movement.  They believed endorsements by the Government and large corporate dominance would sustain RIM through that pesky flash-in-the-pan, the iPhone.  Now, the iPhone is the new standard all other devices are compared and Android devices, while not considered equal to the iPhone’s capability depending on who you talk to, are taking over market share, the Blackberry is a distant third in market.  The Blackberry has become the Oldsmobile of the smartphone industry. 

The single saving grace that RIM has had in its steady decline has been its private network.  This is the infrastructure by which all Blackberry devices are connected and provides the secure connectivity capabilities that RIM has touted over other devices’ use of ActiveSync.  Several consumer groups in Europe and Asia have kept the Blackberry alive due to the Blackberry Network.  Each Blackberry has a PIN identifier.  Knowing the PIN for a particular individual allows a Blackberry user, utilizing Blackberry Messenger (BBM), to send SMS type messages that are extremely secure and  for free. On top of that, you can group participants in BBM, which creates a powerful communications tool as observed during a London riot last year. 

Now Microsoft has entered the ring after several mediocre attempts.  Windows Phone has matured to a competitive level and, along with its Metro platform tying into Windows 8 and truly linking the mobile and desktop experience, there is debate on the ability of Windows Phone being a realistic challenger to iPhone and android as the standard.  Additionally, Microsoft has announced that their new Windows Phone 8 devices will include Trusted Platform Modules (TPM).  The TPM is a hardware component that is the DNA of a device.  It takes all of the components of the whole device and creates a Hash value or checksum that represents it.  Should someone make a change to the hardware or break the integrity of the system, the Hash value would change and easily be identified as compromised.  Using TPM, an organization can securely link its devices together with confidence.  Also, this takes the human factor out of the security aspect of platform administration.  Instead of the user entering their user-name and password, which is regularly simple to guess or get through with brute force, the TPM is registered with the data center and the user credentials are a second keyset in a two-factor authentication.  This additional hardware component will mimic the ability of Blackberry to encrypt the device, ensure secure connectivity to services and establish secured data links across the open internet.   The significance here is the merging of secure hardware with network encryption and a platform that consumers will adopt.  Could this be the last nail for RIM?

Make no mistake; RIM has revolutionized mobile access technology.  The technology has driven productivity and advanced business capabilities beyond the desktop.  Without the Blackberry, some would say there would be no iPhone, iPad, Android, or what comes next.  The world has moved on from the centralized archetype from 15 years ago.  Perhaps, the Blackberry will find new life in Blackberry 10.  Until that proves true, Apple, Google and Microsoft will continue to widen the gap through a clear understanding of the consumer market and allowing the consumers to drive the BYOD movement.

Customer Service and the IT Department

What is the importance of customer service in IT? I mean, seriously, we just provide access to the internet, we set a PC on a desk, we do a bunch of stuff that amazes our moms and dads.  But, do we provide a service in the same sense as we perceive service delivery by a restaurant, doctor or hotel?

So often, I observe geeks demonstrating the very traits that our customers loath about IT.  We speak in acronyms and assume everyone understands what we are saying, including the obscure Star Wars reference.  We assume our customers will follow our every direction on what application to use, how to use it, or what equipment we need. We restart servers in the middle of the day without consideration for those using them.  We make changes without documenting them.  Is this service?  Is this how we would want to be treated in our favorite restaurant?  More importantly, what value do we bring? How do we contribute to the business this way?

The truth is we don't!  The IT department is, first and foremost, a service organization, much to the chagrin of the geeks.  Most see the Help Desk (or Service Desk) as the “Public Face” of IT when the entire department must be service oriented.  Unfortunately, the majority of techs are introverts with little patience for the interpersonal dealings with end-users.  Most techs project the problems of system adoption or product acceptance on to their customers, demonstrated in a response to a typical discussion board question:

“It's more of the fact that a lot computer users are the "illiterate" ones, causing a lot of problems and issues, like not running anti-virus, proper firewalls, etc. That can be easily proven by reading the questions (and repeat questions) here [on Yahoo Answers].”

Our customers use our products and services nearly every moment of every work day.  Yet, how often do we really consider the user experience?  Is the problem that the end-user is “illiterate” or is the IT team isolating themselves by their own actions?  In an ideal world, a new program or device has been tested in the field, the tech or programmer has met with those that will be using the technology to determine needs and requirements, and enough research into “what the business need is” to identify issues that would impact the end-user.  The reality, however, is that this rarely happens.  Traditionally, the concerns of the IT folks are compatibility with other applications, equipment, and the rolling out process with little concern for the day to day operations of the organization.  While the systems administration aspect of IT is very important in terms of security, reliability and interoperability, it is often accomplished to the detriment of their relationship with their customers and the success of the business. 

This isolation from the business is exactly why senior leadership consistently overlooks IT as a strategic benefit.  This paradigm holds many organizations from the very benefits that technology has to offer, such as driving growth and reducing costs.  In a time when businesses need to differentiate themselves, technology offers the competitive edge needed. 

The quickest way to accomplish this is through delivering outstanding customer service.  Think of the immediate and satisfying experience you have when you receive great service.  We should strive to delivering such an experience to the end-user.  This involves clearly and concisely communicating what we are doing, listening to our users (both audibly and visually) to determine their needs, and acting responsibly by accepting ownership of issues and being accountable to the organization.  If you are walking around like Nick Burns, you may have fixed a problem; but, did you really provide a service?