Is it Shadow IT, or is IT in the Shadows?

Business/IT Partnership

  • Back in the early 2000’s I was brought into to provide “a little help to get it implemented” project with Hyperion Financial Management.  As I first got involved, I began to realize that one very persuasive sales argument that works with many business teams is “and it doesn’t need any IT involvement”
  • In my roles of supporting certain business functions, and business platforms, I have gotten called (frequently) into a Director’s and VP’s offices and told that they have this great solution and they just need a little help to get it implemented….  (Sigh)
  • Occasionally I find that someone has used non-approved technology for some business process.  This could be an Access database which is sitting under someone’s desk, or a Cloud file sharing application.  (Shadow IT strikes again)

If you have not had this situation, I am very interested in hearing about your business.  From my work with other IT shops, however, this seems to be a pervasive problem.  Oh I have read tons of books, and I am finishing up my MBA, and what I hear is that we as IT need to be Strategic Partners.  My problem is how can you partner with someone when they doesn’t want you around?

To answer, I think we first need to ask WHY?  Why do the various business teams want to avoid IT?  Why is no IT involvement a “good thing?”  What happened?

Well, I will  give you Jay’s version of history of IT, and a theory of “What Happened?” in a later post, “how we got here” is less important that addressing  where we should be, and “how we get there.”

For the Why question, I did something silly, I went to the people in the business who are the biggest offenders.  I got many answers, but at the end, if you boiled away the fluff, what I heard was:

  • IT takes too long.
  • IT just says no.
  • It is easier to beg forgiveness than to ask permission.

If I ask people in IT, however, I get a different perspective:

  • We are so backlogged everything takes a long time.
  • It isn’t us, its corporate policy.
  • It isn’t us; the business just doesn’t know what they want.

Hmmm, doesn’t it sound like a dysfunctional marriage?   Neither side appears to understand each other.

There is a great book called The Phoenix Project (by Gene Kim, Kevin Behr, and George Spafford) which speaks to many subjects, but it discusses this dysfunction.  I highly recommend it.

There are a number of lessons I took away from The Phoenix Project, but here are some highlights specific to this situation:

  1. When business and IT are not working together, both suffer.  The people in IT feel as second class citizens, and business can’t take advantage of what technology can offer.
  2. The IT Department isn’t magic.  Think of it as a Production floor.  Requests and Issues come in, work is done, and product is produced for our customers.  Just because you can’t hold the end result, doesn’t make it any less real.
  3. Don’t forget your Lean Enterprise training, especially Extended Value Stream.
  4. We need to deliver value faster.  It doesn’t matter the mechanism (Agile, Waterfall, etc.), but at the end we need to focus on valuable deliverables which can be completed quickly.  Without risks, there is no innovation.  We need to be able to take risks faster!

I really appreciated the book (and the DevOps and other books it mentions, but I want to take it out of the theory, and bring it to application.

Jay’s Rules of IT

  1. IT’s job is not to say “no,” but to find a reliable way to do what the business needs in a way that minimizes risk.    The Cloud isn’t evil. Not many vendors will indemnify the business for losses, but to be honest, neither can local IT.  This isn’t to say that the Cloud is all good either.  Data should live where it makes sense to who uses it, its importance, and integration points.
  2. Communicate with the businesses terms.  I don’t mean just telling them what your doing, or just yearly at Strategic Planning.  If I had my way, IT professionals would be sprinkled in all business functions, working with the teams daily.  If you have an IT meeting with the business, you risk only hearing about what the business needs from IT today.  The true value of IT is identifying opportunities (and threats) that the business isn’t even aware of yet.  We can only understand these items by understanding the business.
  3. Show real value to people individually.  You would be amazed how many IT teams who work 60+ hours a week still are considered as providing “no value.”  Maybe (as the The Phoenix Project) postulates we are doing the working on the wrong things (adding IT controls for something which is already mitigated by the business).  Even if this isn’t the case, if business leaders don’t see value, then they will not invite you to the table to discuss their business. At one point I had to do super-human efforts to get a sales leader some new devices for their team.  I had to go buy them at a local store, and fly them, and me, to a sales meeting many states away so I would hand then out and help everyone get them set up.Why did I do this?  Was it because I wanted to make the person responsible to like me?  Was it to be the hero?  No, it was simply a way to establish communication with the VP who didn’t follow process, not by punishing, but by showing value anyway.  We had a very candid conversation afterwards, and it led to some good understanding.
  4. If we think of the people we support as REALLY our customers, it helps.  Think about it for a second.    Do you think a customer to your company would be happy with a “sorry, it is against corporate policy” is going to be happy?  Think of the extended value chain for your own internal customers. I am not suggesting the business gets to do anything it wants.  We in IT DO have responsibilities to protect the corporate data.  If the business has a need (the what) it is our job to find the how (Rule #1) in a reliable way that minimizes risk.
  5. A project is not done when the budget is spent, and the solution is implemented, it is when value is achieved.  I’ll go into this in more detail in a future post, but it is part of the “value creation” concept.

In the end, this is a vicious circle that “someone” needs to break.
If the business / IT partnership is not functional,  the business may(or may not in the case of Shadow IT), come to IT with solutions to implement, but not with problems to solve.  It doesn’t matter how many times you say it, or what your corporate policy states.     Unless the business sees value from IT, they will see us, at best, as implementers and at worst, obstacles.  They will not see us as solution providers.

Oh, this isn’t IT’s fault, but with a much more technically aware set of internal customers, our “IT Magic” is gone.  We are just not the only holders of the secrets of technology.  For many people in the business these “secrets” were what made IT special.  Now that the magic is spread, we need to find a new way.

It is not easy, and may take a while (depending on your business),   but if you want to be an “agent of change” in your IT organization, it is time to start.  Look at your corporate strategy, find an internal business person who isn’t unfriendly, and start talking his or her business.  Find out if they had a magic wand, what would they change?  Then (most importantly) find a way to get at least part of the way to the solution.

What are your thoughts?