The Shadow IT Conundrum
What is the fundamental difference between a Commando and a Terrorist? A Commando is trained very well on combat and uses that capabilities to protect and makes the kill only when necessary. Whereas a Terrorist is also trained, mostly on propaganda and usage of firearms and his/her primary goal is to make as many kills as possible.
At the outset, for someone who is ignorant about the fundamental makeup, responsibilities and differences between the both, there is a very common tendency to measure the performance of both based on the number of kills made… there is no prize to guess who wins hands down.
Take this comparison to technology work. Mainstream IT and Shadow IT. Anyone who has learned a bit of programming can cook-up smart utilities, dashboard and reporting systems that creates an initial wow factor to the executives who may not understand the underlying complexities of cyber safety. Now, this smart-ass approach by shadow IT teams to cook up such utilities have traditionally, over years, put the mainstream IT organizations at the spot for not being innovative, not fast enough and for their lack of business acumen. And when exposures caused by bad architecture, poor code and lack of data protection bubble up, the accountability stops at mainstream IT causing significant negativity, frustration and blame game. There are two key departments where I have seen the tendency for mushrooming of shadow IT — Analytics and Engineering IT. While the first one want to cash in on reliable decision making (and the wow factor) for the leaders, the other is a crossing ground of technology — engineering and information.
Can we really do away with Shadow IT or Mainstream IT to maintain only one? The answer is NO. Then what is the solution for this provocative, at the same time useful situation? To understand this, we will have to peel the onion beyond a few layers.
Barring a few new-generation companies, Information Technology is still an SG&A (selling, general & administrative) expense and in the larger canvas of things IT adds to the bottom-line cost. And in the world of economics, if an organization has to thrive and grow, they have to deliver on EPS (earnings per share) and hence reduce bottom-line expenses including IT. Most IT organizations have been stuck in this cycle of cost reduction over many years and have reached a point where service quality has been severely impacted while the reliance on IT to run the businesses has grown multi-fold. This continued even for those organizations where IT started playing a key role on driving top-line revenue through IT embedded solutions and services, digital offerings, new sales channels, social presence, data driven decision making… to name a few. To add salt to the wounds, the new trends of RPA, AI and BOTS have not made any breakthrough impact on reducing cost, barring isolated sparks. Additionally, the manner in which the technology grew has created a lot of avenues of cyber risks we are exposed to.
While this continued on one side, the business was getting frustrated by the apparent lack of focus (& money) on solutions that the businesses need to invest in. And like any leader who may not have an understanding of some other domain, they failed to understand why this was a big deal to buy a few licenses, throw in a few developers and run a few servers under their desks to meet their immediate business needs. The lack of understanding on “technical debt” and how that could become a Damocles’ s sword over their own head if not planned and managed properly — added fire to the events. This turned out to be “wishful thinking” at its best — and eventually led to the lack of confidence and trust among the business leaders for their IT counterparts.
In layman’s language, this could be compared as someone getting on the freeway on a motorbike without necessary protective gear. You are covering great distances with very less preparation, but the reality that you haven’t crashed yet does not make this a good solution approach. And if that happens, it will be fatal, and your business may never recover from that.
In my opinion, the HR organization needs to play a very important role through their tried and tested approach of job rotation and bubble assignments across multiple functions and disciplines. There is an increasingly important requirement to cross pollinate skills, knowledge and disciplines if we need to spend less energy on fighting each other and work on collaborating to be successful.
I will be keen to understand your perspectives on how organizations have (or can) address this common issue.
Originally published at https://www.linkedin.com.
