I read a post a little while ago over here talking about Shadow IT. The comment was initially referring to a “scary statistic” where Gartner predicts 35% of enterprise IT expenditures will happen outside of corporate IT budget.
While Access applications, or Lotus Notes apps, etc., have proliferated for many years outside of the control (and often knowledge) of central IT, to me – this statistic is actually a very good thing.
First some background principles.
FACT: The business wants to get on and solve their business problems as fast as possible.
FACT: The business lines are always under some form of cost pressure, maximising return on capital invested in terms of revenue. Be it revenue per employee, per asset, per whatever.
FACT: In the same way that water finds the easiest or fastest path downhill, business users (or entire lines-of-business) will find the best way for them to answer their pressures for business performance within explicitly defined constraints.
Customer Story: I had one customer where an entire division sourced a separate IT system from the cloud instead of using the global/corporate solution. The reason was the corporate solution was too expensive and too slow in coming. When this was raised, the outcome was two-fold and showed the pragmatic decision-making culture. First, the “rogue” business was not penalised for acting in their own best interest beyond being told to increase the dialogue in future. Second, it drove much-overdue funding support for an IT project to streamline and lower the cost of the existing service, while also making it more agile.
Any economist from Adam Smith onwards will testify that artificial barriers or monopolies ultimately lead to higher prices and risk, lower quality and slow down speed-to-market.
Therefore, rather than thinking of Rogue IT, Shadow IT, Hidden IT, Unmanaged IT, etc., all of these are actually facets of the larger evolution of Consumerisation of IT. Let’s understand the phenomenon and apply governance to it. By governance, I mean supportive guidance, rather than prescriptive interdiction.
(I’ll deal with how that governance should work in another post)