Wednesday, May 08, 2013

Shadow IT – if you can’t stop ‘em, join ‘em

There is a silent revolution brewing in the enterprise, and it is not cloud computing any more. Cloud computing, while evolving from blue-sky thinking to mainstream phenom in a few years, has resulted in several ripple effects across IT.

One that is particularly disturbing for IT managers is Shadow IT, or the introduction of technology within a company from the bottom-up. This refers to situations where new products and solutions are not brought in via a centralized evaluation and purchase process with oversight from the powers that be, but from the people in the trenches.

And not necessarily from select people in the trenches – the enterprise architects or software engineers who can perhaps be relied on to conduct their due diligence prior to acquiring new technology, but anyone in the company, regardless of their title and pay-scale can be the initiator.

One doesn’t have to look far to understand way. Business moves fast, and end-users want to keep up. Leveraging many of the SaaS-based tools and products out there allows them to do exactly that. Astute IT leaders are caught between a rock and a hard place - they don’t want IT being viewed as the anchor that slows innovation and growth, but they also don't want to see business being hurt on their watch due to lapses in security, compliance or performance.

As one starts digging deeper, the nature of this problem becomes more apparent. Products traditionally deployed within enterprises have been vetted by IT and set up for proper security and manageability, but they can have gaps and tend to be harder to use. A few years ago, employees had no choice but to reach for the nearest set of manuals, call Help Desk and log a ticket, or spend hours and days attending webinars and training sessions before they were able to use those products. Now, the prevailing feeling is “if a product requires me to read a manual, it’s friggin broken!”

Fueling that feeling, there's an ecosystem comprising hundreds of vendors offering various tools and solution alternatives in the cloud. Individual, group and department-level users are tempted to sign up, evaluate and/or use these software without IT's involvement. These are tools that are sometimes free, or may cost a few hundred dollars per month and easily fit into the budget of many managers.  At times, even non-managerial employees happily sign up for some of these services using their personal credit card, given the immense productivity gains and ease-of-use they bring to the table.

By the time IT becomes aware, that software may already be well entrenched in the organization regardless of its quirks (or ahem... security holes) that IT is now forced to deal with.

These scenarios have placed IT in the crosshairs to take control of the situation, scan workstation logs and network ports for rogue usage, and enforce requisite standards for user privacy, data confidentiality, scalability and manageability. But punitive measures don’t exactly endear IT to their business counterparts - a recent survey by InformationWeek finds less than half of non-IT personnel regard IT to be integral to their business. Nor are such measures 100% effective.

The reality is that technology purchasing is undergoing unprecedented decentralization and that is here to stay. Attempting to control or put an outright stop to these practices is akin to swimming upstream and will eventually fail. Leading analyst firms estimate as much as 35% of enterprise technology spend will fall outside the IT department's budget within the next two years.

So what is a CIO to do?

I recently watched an Andreessen Horowitz video The Renaissance of Enterprise Computing where Gary Reiner, former CIO of General Electric says “if I was a CIO now, my job would be much more about procuring solutions than managing people.”

Gary’s statement points to the elephant in the room. IT has to participate in the process and guide it, rather than attempting to confront and control it.

But that may seem easier said than done. IT is its own victim due to the segregated collaboration tools and linear approval mechanisms such as ticketing systems and intranet portals implemented in the past. These intrinsically suffer from excessive communication latency and workflows that are hard-pressed to meet the urgency associated with seemingly mundane technology requests from business. End users are no longer content to send an email or log a ticket and wait for IT to act on it. They instead turn to the latest SaaS provider their spouse or neighbor was talking about, and are off and running in minutes and hours rather than days and weeks.

Newly launched SelectHub is designed to address this very issue. SelectHub enables both end-users and IT, along with other key stakeholders (Procurement, Finance, Enterprise Architecture and budget owners/managers) to be in lockstep throughout the evaluation process. Any of the above stakeholders can initiate an evaluation project within SelectHub with just a few clicks, invite other key personnel, assign them specific roles and each party can proceed to specify the scope, requirements and success criteria that matter most to them as well as engage in peer-level conversations regarding each area’s necessity and impact.  Project participants would have visibility to all or part of the project, based on their roles. 

Regardless of whether a software project conforms to a centralized top-down purchasing model, or occurs at a grassroots level, SelectHub serves as the tactical link between IT and business to accelerate evaluation and rollout of the right solution while enhancing IT participation and governance.  Instead of treating each other as policy violators or innovation stoppers, both parties can pool their expertise and achieve measurable progress while eliminating altogether the fragmented communication and back-and-forth delays associated with emails and tickets.

Shadow IT inevitably results in loss of control and compromised security. With SelectHub, IT can take affirmative action by initiating or participating in, and influencing the evaluation process to orchestrate a reasonably satisfactory outcome for all stakeholders.