Go into any company with a formal IT group and you'll also find some "shadow IT" groups. Shadow IT is the un-official IT group that people have learned to depend on to get things done. You know the folks I'm talking about. It's the lady 2 cubicles down from you that you go to ask questions about Excel. It's the engineer you go to when you have a question about your PC. It's the guy that loads a bootlegged copy of a program on your PC for you or wrote the Access database that your department's operations have come to depend on. It's the people the IT folks dismissively refer to as "those cowboys". It's the guy that installed the scanner for you that upset IT so much when you called them for support because they didn't even know you had a scanner. It's not anyone in the IT group.
Shadow IT is the bane of formal IT's existence. Just go ask your IT manager about shadow IT and watch the veins in their forehead pop out. Shadow IT can really be a problem for a company. The problems with shadow IT have to do how they deal with issues of:
- Documentation - Why should Sally document what she did? She's the only one that works on it. It's not like she might ever quit or get sick or infamously get hit by a bus. Right?
- Backup - Backup is just a hassle. It's running on a reliable PC. What could go wrong?
- Standards Compliance - Why bother using IT's programming or hardware standards? It's not like we'll ever ask IT for help or want to connect to other systems is it?
- Security - Security just gets in the way. We all know each other don't we? Would anyone really snoop through my files for salary information?
- Testing - I've been doing this for along time. There's no need to test. The result look about right so it must be running perfectly.
- Inefficiencies - Sure my shadow IT activities take up a lot of time but it's more fun than what I'm supposed to be doing. Besides, Joe the Ph.D research engineer over in the R&D's shadow IT group is helping me write a database for our department phone directory.
- Software Licensing - One extra copy won't hurt. It's easier than going through IT and Purchasing to get a legal one. Besides, Microsoft makes too much money anyway.
- Proper Control - Controls just slow us down. Besides it's the IT guys not us that have to answer to the Sarbanes-Oxley (a.k.a. SOX or Sarbox) auditors.
These are all valid concerns for both the company and IT and IT managers understandably want to do something about getting this under control. Typical reactions include doing such things as:
- Locking down PCs and limiting what users can do on them
- Issuing strongly worded memos
- Going to the boss's staff meeting and getting all the managers to agree to talk to their people about this
- Writing lengthy and detailed policies and procedures
- Complaining to the boss about what problems it is causing us
- Talking to the department manager and explain the situation to them so they understand they really need to work through IT
- Ranting to anyone who will listen about how miserable shadow IT is making your life
Despite all of these valiant efforts, shadow IT continues to thrive. Why is this? Perhaps it is due to:
- Accessibility - They are in my area. They are very easy to access them.
- Responsiveness - They respond quickly. I tell them what I need and it gets done.
- Dedication - They only work on my problems. The only problems I have with competing priorities are from others in my group.
- They know my business - Shadow IT knows my business and what I need. After all, when they occasionally aren't doing IT stuff they do the same things I do.
- Easy to use - It's easy to use shadow IT. No Help Desk to go through, no project request forms, no cost/benefit analyses, no Steering Committee reviews.
The reality is that no amount of ranting and raving, or writing of policies and procedures or threats or talking with managers will stop shadow IT. The perceived benefits are just too attractive to users and their managers. In my opinion the only way to put an end to shadow IT is for formal IT to compete with shadow IT head-on and outperform it. We need to have more shadow IT groups by forming them out of IT.
Doing this means changing the way we have traditionally organized and run IT. It also means giving up some control. In a nutshell I'm suggesting that we physically place or "embed" IT people out in the business departments and we let the business departments control what they work on and what they do. Basically the business determines the priorities and IT controls the methods (i.e. security, documentation, standards compliance etc.) which addresses the valid concerns of each group as described above.
I should mention one clarification. This co-location is not intended to change how strategic IT projects are handled. Although shadow IT is often involved in strategic projects they are not they sole implementers. The same holds true with what I'm proposing. However, although this proposal deals with tactical issues it does impact a significant effect on strategic issues. It is a matter of credibility. If you don't think executives say to themselves like following your kidding yourself:
- "Why should I believe that IT will be able to successfully implement an ERP solution when they can't even fix my PC, answer my questions or Microsoft Office?"
- "How can IT talk about configuring a solution to my needs when they don't have a clue about how my business works?"
One of the biggest advantages of co-locating IT people with their customer is how closely linked they quickly become with their customers. It is a matter of empathy and can go along way towards alleviating the concerns above. Jeffrey Phillips at Thinking Faster recently posted on Customer Empathy Matters which discusses the need for employees to be able to develop an empathetic attitude. Christopher Koch at CIO.com also commented on this in his blog posting Play Fair. I feel that this is so important that I feel it is a critical key competency that I look for when hiring new IT employees. By co-locating IT people with our customers we greatly improve our chances at being successful at this.
So although you may agree with this approach in theory, I imagine you have some very logical questions.
- Just exactly how is this co-location structured? Are you saying we put PC techs and programmers out with our customers?
- How do we accomplish this? It calls for more people than I have available.
Please bear with me. To avoid making this post too length I'll discuss these questions in my next posting.
If this topic was of interest, you might also like these: