Monday, September 24, 2012

Don’t Be Afraid of Your Shadow IT

I had a conversation with a peer who is a Director of IT, recently, where the conversation turned to Shadow IT.  We discussed the challenges of an IT Department dealing with this group and their specific struggles with getting leadership to listen to them about the risks of having a rogue band running through the halls. For those not familiar with Shadow IT, it is the group of technology services and personnel outside the direct control of the Information Technology department.  Traditionally beginning with the Marketing department, it will usually leach into Finance before too long, among others.  For many senior IT leaders, it is the bane of their existence and a constant threat of a diminished role in the organization.  The reality is that Shadow IT is a necessity in many large organizations.  Most of my peers will have likely dropped their jaw at that comment, since the general consensus is to eradicate Shadow IT.  Unfortunately, its existence is nearly always due to a lack of customer service. 

 I have talked about the importance of customer service in the past. The manner in which technology is accepted is proportional to the manner in which that technology is delivered and supported.  So, how can we effectively measure the success or failure of our service?  A shadow technology presence is not an indication of the technology team’s efficiency or their capabilities.  A shadow team is an indication of how individual departments believe their needs are being met. 

 Most likely, other departments feel deprived of service in one of two categories, speed and agility.  As I noted earlier, the two departments most likely to build their own IT spinoff are Marketing and Finance.  In the case of Finance, the issue is likely speed.  Your DBA is tasked with so many projects and demand management is FIFO. When Finance comes asking for a customized report or needs a change to one of their applications, what is the response from the IT department? Usually, it is push back with the explanation that they are too busy working another project.  We all know IT departments are constantly being downsized and expected to do more with less.  The problem, however, is that business goes on.  The needs of the Finance department are real and directly impacts the success of the business as a whole.  With the demands that Finance faces (requests for improved and more current reports, simpler streamlined processes, executive requests for details on the financial strength of the company), they require immediate action.  It is easier for Finance to employ their own DBA or SQL guru to get the responsiveness they require than to fight it out with IT. 

With Marketing, it is agility.  Hopefully by now, most IT departments have implemented a Change Management (CM) program.  CM provides the stability an IT department requires to ensure constant operations; however, by its nature, a CM program impacts the department’s ability to react as quickly as other departments would want, like Marketing. The requests from Marketing are usually around new applications or making significant changes to existing software.  Simply look at the explosion of the use of Social Media.  Implementing APIs for Facebook, Twitter, Pinterest and the myriad other applications that keep emerging is taxing on the IT staff from the perspective of compliance with applicable policies.  It challenges the CC process in testing, verification, rollback and every other step to ensure that a specific program does not negatively affect the firm desktop PC image. Like Finance, however, Marketing can’t wait for IT to vet applications one at a time.  In their field, they need to keep pace with the competition in order to maintain a competitive edge.  So, rather than argue with the IT department, Marketing will find their own system administrators, web programmers, application developers, etc. Now there is no need to check with IT for changes, as they make them on their own.  But when things go wrong, who do they call?

The key to dealing with a shadow IT group is not to challenge it or attempt to dismantle it, but to embrace it.  Like Michael Corleone said “Keep your friends close and your enemies closer” (Okay, it was really Machiavelli, but who doesn’t love a “Godfather” reference).  Of course, that doesn’t mean you should look at them as adversaries either.  The key here is to accept that other departments have specific needs that the formal IT department will not be able to provide for one or more reasons under the PM trifecta be it time, money or resources.  Instead of trying to control every aspect of your organization’s technology, accept it.  More importantly, work with the other departments to establish ground rules for their techs.  Just because Marketing as a SysAdmin doesn’t mean they will have domain admin rights; but they will need full rights to their servers.  Similarly, Finance’s DBA doesn’t need access to the entire data warehouse; full SQL rights on their DB server will do just fine.  This establishes IT in a support role, which may be hard for some IT teams, but then again, you weren’t supporting them in the first place (and isn’t that how we got here?). More importantly, those technicians do not fall under IT’s headcount.  The projects the shadow groups work on? They don’t fall under IT’s budget.  The operational upkeep, however, is likely to fall to your group, so working with them gets you in the game instead of standing on the sideline, watching.  

Be careful, though. With these agreements and concessions comes the potential for a mentality swing in the opposite direction.  It is easy for the IT to fall into the “well, if you are going to install it then you can support it” thought.  Nothing could be further from the truth.  Remember, you are IT.  Anything that plugs in and turns on falls into your domain whether you like it or not. When Marketing’s webmaster hoses the webserver, they will be calling you to restore a former instance of the server.  When Finance’s DBA deletes a table, guess who gets a call.  Trying to stick by the “I told you so” stance will fall flat in a heartbeat.  Remember, IT is a department in the business, not the other way around.