Line of business users are provisioning technology by doing an end run around IT. But this loss of complete control of the IT estate has its benefits — for the CIO and the company as a whole.
Employees who go off the reservation to acquire software outside official channels can provoke consternation and alarm in CIOs. But when the digital dust settles, IT organizations and the staff they serve often emerge from these events in a stronger relationship and with improved management.
Cloud-based application delivery and subscription business models from vendors create the perfect conditions for the natives to run wild — and for IT to react proportionally. When applications are provisioned outside official channels, the company’s security risks can increase, application integration opportunities are overlooked, siloed data diminishes analytics opportunities, the company can’t leverage pricing bargains for volume cloud use and tax benefits from the operating expenditures (OPEX) are missed because the payments aren’t rolled up into company financials.
In the context of these missed opportunities, the response from IT can take several forms. “I’ve seen budgets threatened when the shadow IT was discovered,” says Steve Rodda, chief product officer for Cherwell, an IT service management software vendor, though he adds that the typical response tends to be more measured.
Rodda witnessed a consumer electronics manufacturer customer establish an entire business unit just to get its arms around runaway cloud application deployments.
“I think you’re going to see more of this in the future,” says Rodda. “The fact that the company had to establish an entire division in order to corral this (phenomenon) kind of surprised me.”
Out of this organizational arrangement, the company constructed an IT services catalog through which employees could requisition applications. Not the most innovative idea given its adoption for many years. Yet it might have never been built in the absence of the shadow IT phenomenon.
The services catalog was an attempt to strike a healthy balance between the need for software acquisition control while meeting the needs of front line employees more responsively. “The shadow IT issue has focused the IT departments more on how IT could add value across the business. Shadow IT has elevated their roles in some companies.”
The examples that follow demonstrate the positive outcomes shadow IT can deliver to the IT organization, from small but meaningful gains to ambitious organizational reengineering efforts.
A technology response brings incremental improvements
The shadow IT reality has caused PPG, a $15 billion manufacturer of paints and coating products with operations in 70 countries, to double down on centralized, disciplined management that halts shadow IT before it evolves very far into the company.
PPG deploys two monitoring tools, each offering a unique perspective into shadow IT occurrences. One generates reports and dashboards of company credit card spend. Chris Caruso, vice president of information technology and functional CIO at PPG, says that this approach has been effective in controlling shadow IT. The other is a resource management application, Planview, that provides insights into any possible IT staff involvement in shadow IT projects across the global organization.
“Any project that anyone within the IT organization works on a global basis is in this system. This is why we become aware of unapproved technologies,” says Caruso. If staff documents work on any application that is not officially sanctioned, it will show up here. “The way we put it to technology staff is that if you are working on any project involving unapproved technology, you weren’t working for the IT organization.”
Once the shadow IT has been identified, Caruso says PPG has put in place a formal process to redirect the expression of software need through formal channels, involving building a business case for the software and directing applicants to an approved list of vendors. “Shadow IT can present opportunities if there are gaps in our portfolio of applications,” says Caruso.
An investigation into the IT staff’s work on the unapproved technology flagged in Planview will initiate the same redirection to the formal technology approval process used when shadow IT is introduced from the business side.
“We’ve addressed three key issues around shadow IT from a people, process and technology perspective that adds additional discipline into how we run the IT organization,” Caruso says. “We know what projects people are working on with what technology and we’ve never been able to do this before.”
Caruso adds that getting a handle on shadow IT offers the benefit of reinforcing one of most important mandates of his IT organization. “When people are spending money on shadow IT, it’s not necessarily where PPG should spend its IT investment. If you can channel those expenditures into something more strategic you might get a better return for the organization.”
IT beefs up its skill set
Eliot Arnold, co-founder and principal consultant at Crunch Data offers this example of shadow IT causing profound improvements in IT management. He was formerly an executive responsible for marketing analytics at electronics distributor Arrow Electronics.
Unbeknownst to the IT organization, Arnold took it upon himself to copy and deploy the company’s databases on a server he procured and installed under his desk using the company credit card. He bought and configured a visualization tool as well as the software to prep data for deep analysis.
It sounds like a shadow IT worst-case scenario, but decision making around deep marketing insights generated $45 million in revenue, Arnold said. And his shadow IT operation became a turnkey service bureau in which he offered analytical insights to the rest of Arrow and charged for the capability.
“It’s first reaction was like I stole money from the mob,” Arnold says. But the IT organization conceded that Arnold’s shadow IT example crystallized the need for it to upgrade its capabilities to include master data management and data quality management, critical disciplines for companies that view data as an asset, but they were barely given any attention at Arrow until Arnold forced the issue.
“Shadow IT can be a real catalyst for innovation,” says Arnold.
An independent, departmental IT organization emerges
Arguably the most profound impact to IT organizations from the existence of shadow IT is an organizational overhaul. About seven years ago, the marketing department of telecom provider CenturyLink, under the supervision of director of marketing operations Scott Berns, received management approval to create a mini IT organization for itself.
While the reality of shadow IT was not the sole motivation for this move, he anticipated the growth of the shadow IT phenomenon as a validation that creating an independent marketing IT organization made sense. Every marketing application, cloud or on-premises, is now discussed, selected, provisioned, financed and managed by the marketing organization exclusively.
“At the end of the day I have full autonomy to meet the needs of the business,” says Berns.
Who better than marketing to understand its own future technology needs?
CenturyLink business analysts and tech staff sit side by side with marketing staff. Application integration, security, data management and other support services are handled by the global IT organization that serves as a kind of backstop when needed.
CenturyLink’s marketing department took on some of the characteristics of shadow IT to the extent that it can scour the landscape for marketing apps that offer new capabilities. The department can quickly discuss, test, and, with the technical guidance of analysts and IT staff, decide to deploy or pass. These are key process capabilities of a robust technology review process so important to marketing organizations constantly focused on customer satisfaction and growth.
Embedded IT at the business unit level is becoming am increasingly common organizational arrangement. Gartner said that through 2017 up to 38 percent of IT purchases would be defined, controlled and managed by business executives. And seventy percent of respondents to the 2018 State of the CIO survey said that when lines of business or departments purchase technology products or services with their own budget, IT typically plays an advisory role or shares oversight. In only 16 percent of such projects does IT have complete oversight.
“When you think about it, marketing behaves like a shadow IT department since we can test and deploy any cloud-based app we choose. The only difference is on key issues [data security, data management and application integration] we work closely with global IT,” says Berns.