May I have your attention please? *
Ah "Shadow IT," it sounds so seedy and a little bit scary. And sadly the phrase has nothing to do with Blade Runner's rogue replicants. But it is in vogue, and even has its own Wikipedia entry. Interestingly, the Wikipedia definition seems to be a little tighter than what I see elsewhere:
"Shadow IT is a term often used to describe IT systems and IT solutions built and used inside organizations without explicit organizational approval"
Did you spot what I meant? This definition talks of "without organizational approval" rather than not being provided or sourced by the IT organization. Although I guess you could argue that the IT organization is usually the corporate mechanism for organizational approval.
But I digress. The point that I intended to write about is the old-skool "not on my network" IT mentality that crafted, and continues to use, the term "Shadow IT." Or "Stealth IT." Or even "Rogue IT." It's like we have built a fort on a hill, surrounded it with a moat, and pour boiling oil on anything that is not of our own creation. (Warning: similar gross generalizations will follow).
So, I nearly called this blog: "What IT Can Learn From Dallas Buyers Club"
I loved Dallas Buyers Club. It's an inspirational movie, if you haven't already seen it, and I'd be surprised if it doesn't win one, if not both, of the male actor Oscars this year.
Based on a true story, the lead character, Ron Woodruff, felt failed by the US health system and used his own initiative and resources to import unofficial "medications" to help AIDS patients (including himself) live as long, and as comfortably, as possible.
Does it sound familiar from an IT perspective too? The system being circumvented by "unhappy" users of IT services? Such opportunities are there to be taken.
But "Shadow IT"? Really?
To me it evokes mental images of Nosferatu-like employees hiding in dark alleyways as they secretly add new business-enhancing IT capabilities out of sight of their corporate IT overlords. With the garlic-laden IT professionals doing what they can to expunge the filthy practice that encroaches on their domain.
But sadly, they see all the dangers of "unofficial IT" but they don't see the upside. They also conveniently ignore the drivers of such behavior — the inability, perceived or otherwise, of the corporate IT organization to deliver, in a timely manner, against business function needs for new technology enablement.
So consider Shadow IT from the customer or consumer perspective (and, again, please forgive my gross generalizations and evilness): we, in IT, are the Shadow IT. We are the mysterious group that operates in the shadows, where people hide behind a bucket email address and process-enabled barriers. Left to our own devices (that's at least the third Pet Shop Boys link in this blog BTW) we've created an island far from the corporate mainland, where the inhabitants have no comprehension of the need for business and IT agility. Who knows, what we in IT call Shadow IT might be called "Easy IT" on the corporate mainland.
Think about the lead time and barriers to new IT, who could blame employees for thinking of the corporate IT organization as the place where their IT requests go to die?
Does IT live in a glass house (and it's a house with no mirrors)?
I still get annoyed when I see articles or blogs that talk of corporate IT organizations defending their territory from cloud, BYOD, and Shadow IT. It's sub-optimal behavior at best.
Why do we keep reinforcing the mentality and behavior that has IT at the center of the corporate universe? Why do we continue to think that the corporate IT organization has a right to exist? It doesn't. Like any other part of the enterprise it has to earn that right by fulfilling needs and demonstrating business value. Yes it might sound fluffy but it's very real (if not well defined).
So let's lower our defenses and look at Shadow IT through a different lens. Yes there might be maverick colleagues procuring cloud services because they think they know better than IT, or because they don't like IT. But saying that they can't do it is not the answer — think back to limiting employee access to internet, that didn't really work did it? Personally been there, done it, and bought that t-shirt.
Instead let's use some of those ITIL-espoused capabilities that we probably don't use as much as we should: business relationship management, continual service improvement, service portfolio management, empowerment with governance, or even root cause analysis to understand the reasons for Shadow IT. Let's take IT out of the shadows wherever that Shadow IT might sit.
I often describe IT as riding a bicycle with big peddles and big wheels but no breaks. And there is no benefit in peddling so fast if we can't occasionally slow down to see if we are in fact peddling in the right direction.
So, if you only do one thing after reading this blog, please look at Shadow IT from the employee perspective — you might just find that it is you.
As always, your thoughts and opinions are appreciated and actively encouraged. Feel free to call me out, and bonus points for any PSB references.
Image source = Flickr: plong's Photostream
* Title and first line courtesy of Eminem
1 Comment
