There can’t be an IT department on the planet that hasn’t discovered “shadow IT” at some point. Any business with creative, problem-solving users will naturally form small teams to deal with bottlenecks and holdups. When those users are technically savvy, it doesn’t take long before those teams are installing unauthorized apps, buying web services and even programming their own solutions to business problems.
To the dismay of the IT department, it sometimes seems as if everybody is having a go, with varying degrees of success. It’s sometimes not even clear when user self-reliance and creativity (good) becomes shadow IT (perceived bad).
What to do? On one hand, a rogue application can’t be ignored. It breaks internal security rules and flouts data protection regulation. It’s vulnerable to errors and obsolete, and users are constantly working with out-of-date information. The app won’t have been tested, and the service level is poor. A simple security audit would shut it down immediately.
On the other hand, the application fulfills a business need and an amateur application developer in the business can be an ally for the IT team/department. There’s a middle ground between laissez-faire and lockdown. As a former CIO and CTO in large organizations, I discovered that there were often capable, entrepreneurial “developers” outside the IT department who understood what their colleagues needed, knew how to provide it as a simple web service, but needed some help along the way.
Instead of policing the network and shutting down all rogue applications, IT professionals should instead be creating a framework to reward their work. They can do this by cooperating so that they can develop services without breaking internal security. The IT professionals can provide policy, standards, help with reuse, and expose interfaces to the data and related services the developers need.
Some of my colleagues at Fujitsu debated the first wave of digitalization and concluded that some disruption, even disobedience, is needed to realize the full benefits of digitalization. By encouraging and capturing the efforts of rogue applications developers across your organization, you are channeling that disobedience to help achieve the organizations’ digital strategy. Leverage these mavericks to the benefit of your goals.
There are some tasks that rightly remain the province of an IT department: e.g. secure backup, data integrity, a single sign-on, network service levels. But no one would volunteer to take this away from IT, even if they had access to the organization-wide resources they would need. Allowing developers to take advantage of IT’s security and service expertise empowers them to use their passion to build – and proactively support – apps that may benefit the entire enterprise.
With the maturing of technology and digitalization of the business becoming a reality these pressures and opportunities are all around us.
This isn’t a small change, but in my experience it is possible. Most IT departments have the expertise and the incentive; what some of them lack is the will to let this happen. It’s natural to feel threatened by shadow IT and refuse to “let go”. As IT professionals, we must ask ourselves, what are we letting go of? In many cases, it’s the tasks we don’t have the time or the inclination to do. Shadow IT can show us that other people can do an application development job just as well as we can – and sometimes better, if we want to create a truly Empowered Enterprise and enable the digital business together.