Shadow IT. Mandate Without Service.
Many IT organisations are strong on wanting a mandate. This is what IT does and this is what users can and cannot do. The expectation is that if we can simply clarify and enforce the rules then shadow IT will go away and we will solve all, or at least a few, of the world’s problems. The problem is mandates have never worked when it comes to users and IT.
It was the mid 1980s and I am a freshly minted graduate working at Deloitte. I have bought my first ever PC. A sewing machine style luggable similar to the one you see below. I have always been a bit of geek and at the time this was the latest greatest machine of it’s type with twin floppies (if you’re a millennial and don’t know what a floppy is, search Google. For those that do know, this is so long ago that floppy drives truly were floppy). I loved that machine. It was a game platform, a massive calculator through amazing spreadsheets, a word processor (and anyone who has tried to read my handwriting will know how important that is to me) and many other things besides. I could do so much with it, but, I was not allowed to use it at work.
Instead I had to use A3 size tabular paper and multiple coloured pens and pencils as notation aids and massive hand held “manual” calculators. It was ridiculous. I could have been so much more productive if they had just let me use my PC! But no, the powers that be had decided PCs had no place at work. Despite the rules, I and several others slowly began to use our PCs even though we were not allowed. They were helpful and improved our productivity even back then.
The PC saw a massive rise in shadow IT for most organisations. Users found them useful while IT teams of the day routinely sought to shut them down and keep them out of the organisation. To keep them out of the workforce many IT teams proclaimed and enforced bans on PCs. Whether they were right or wrong at the time depends on your perspective but we all know how that particular issue played out.
While my little rebellion in the 1980s wasn’t the first instance of Shadow IT ever recorded, or likely the worst, it was my first experience of IT mandates. As I look back on this now, with many years working in IT, it still demonstrates how futile it is to try and ban something that people find useful.
Yet many IT teams today still seek mandates to determine what technology an organisation can use and to ban the rest. And too often the prevailing opinion is that if users dare step out of line then they need to be able to appropriately chastise them. They seem to want to treat the rest of the business as if they are naughty children who have broken the rules and need to be told off or better yet smacked.
We know in our industry that mandates don’t work. If people want and need something and IT can’t or won’t provide it to them, they just go around IT. Shadow IT. That nasty underworld of backroom deals and shady characters who go around IT and ignore all our good work. We need to deal with those shady characters and return the organisation to the light. It is part of our fight against evil and let’s face it, there some very good reasons for us to keep up this fight. There are many dangers online today and we do have an obligation to protect the organisation. Besides, when it comes to value from IT research tells us that we need to take an organisation wide view of technology investments and that one off investments in the latest tools seldom results in improved organisational performance.
But maybe Shadow IT is our fault. After all, deep down all these “shady characters” are trying to do is figure out how to get their job done in the best and easiest way and we in IT can’t or won’t help them. Shadow IT happens because you have, or think you have, a mandate but fail to back that mandate up with great service.
You can’t do this because I say you can’t but I am not going to back that mandate up with an acceptable service proposition to support you to get what you believe you need. Yes, mandates are important to keep the organisation safe and to enhance your prospects of actually delivering value, but every mandate needs to be backed up with an appropriate service proposition or people will try and work around it. So what can you do about it? Here’s one approach that seems to be getting results.
In this particular organisation Shadow IT is rampant. Business leaders across the organisation are sourcing their own systems because the IT team can’t or won’t help them. In this case it is largely a matter of can’t as there is a massive organisational agenda in play to update, reposition and consolidate systems. There simply isn’t enough capacity (people or money) to meet all the demand. In response ICT have set the business free to make their own decisions and positioned themselves as a facilitator. Some of the key aspects of what they have done is as follows:
- All significant IT investment decisions are formally made by an executive committee. The business leader wishing to invest needs to front this committee and convince them that their investment is a good idea. The CIO is on this committee and part of the decision making process. It is possible that this group could make a technology decision that the CIO disagrees with, however the dynamics of the process support collaboration on solution definition. Sometimes IT leads, sometimes their peers across the business lead but no one wants to front up to their peers for a public battle, so these issues are nearly always sorted out before the meeting.
- The organisation is progressively sorting out what is important and core to them and their success and what is non core. Business activities, which are considered core (characterised by being part of the organisations value chain with all the attendant issues of cross functional impacts and a high level of integration is required), are much more likely to be supported by centralised organisational wide solutions. For those areas which are not core a more hands off approach is taken.
- IT have established a dedicated SaaS enablement team. The purpose of this team is to work with and support the business to effectively implement their chosen SaaS tool. Their focus is to support the business in any way they can with a focus on core technology issues of security, integration and getting work done in their particular culture. As much as possible they stay away from enforcing mandates (leaving that to the executive committee) and simply try and be helpful. What they are finding however is that the more helpful they are the more influence they get in future decisions. A nice win win outcome.
This organisation has some way to go. They still get worked around at times but the more they let go of mandates and focus on providing great support and service the more influence they get. What can you do to start your journey. Start by identifying all those areas where you have or wish you had a mandate and then ask yourself these questions:
- Does this particular mandate really matter? i.e. is it core?
- In what areas are we okay with a little Shadow IT and where may it actually be desirable?
- What service proposition do we have in place to support our people and organisation so they want to work with us?