Shadow IT Departments

This morning I read an interesting article at Infoworld. It deals with the collision of paradigms between old IT and the new Infoworkers.

Here's a sobering statistic: Eighty percent of enterprise IT functions are being duplicated by folks outside of the IT department, says Hank Marquis, director of ITSM (IT systems management) consulting at Enterprise Management Associates. In other words, for every 10 people doing IT work as part of their jobs, you've got another eight "shadow IT" staffers doing it on their own.
You probably know them. They're the ones who installed their own Wi-Fi network in the break room and distribute homemade number-crunching apps to their coworkers on e-mail. They're hacking their iPhones right now to work with your company's mail servers. In short, they're walking, talking IT governance nightmares.


I would amend this - they are old IT's worst nightmare. As the article points out, they can become an organizational asset.

The reason superusers go rogue is usually frustration, says Marquis. "It's a symptom of the IT organization being unable to meet or even understand the needs of its customers," he says. "Otherwise, it wouldn't be happening."


One of the things that IT sometimes forgets in their rush to security is that IT is a tool for business. It should be an enabler, not a hindrance. Too often, old IT implements rules and regulations which stifle creativity and solutions, with out an understanding of the real world problems that the business is facing. They mean well, however they do not understand the reality of life in the trenches.

There is a fine line between rules and regulations which enable a safe environment, and rules which are a hindrance and circumvented simply to get the job done. A perfect example is a company that I once worked with. They had a rule about thumb drives (only a specific model, only with encryption turned on, etc). There was no way of using the drive with out being an admin on the workstation - as drivers need to be installed and loaded each time the device was inserted.

So, no one used thumb drives. They used CD-RW's instead. Every machine had a CD-RW drive in it (as all modern machines do) and the software loaded. It was more of a headache, but they could still move large files around. Users are smart. They tend to find ways around policies and rules if they need to.

Procedures are a tough balancing act. If they're too lax, there will be security problems. If they're too tight, people will get around them and there will be security problems.

-Bruce Schneier

One of the solutions that I have used in the past, and the Infoworld article talks about is bringing the 'superusers' into the fold. Make them part of IT in some fashion or other. The article has several good examples, and I have actually used a few in the past. But here is the skinny, IMHO...

Superusers can be a great ally. Policies are no use if they are not used. If the superusers understands why a policy is in place, and how to still use their tools in an effective manner, they can be a powerful public opinion tool. After all, if the superusers are grousing about this or that, they will bring down the collective opinion of the IT department.

"My goal is to have 100 percent of our knowledge workers be shadow IT," says Weider. "Every employee must be tech-savvy and leverage the tools provided in order for us to have any hope of achieving a return on our very expensive IT investments."


It all comes down to ROI. Organizations that have users which, via polices and training, are enabled to leverage technology will see a higher ROI. They will become agile and more entrepreneurial. They will foster creative and relevant solutions, and survive in the global marketplace.

The way I see it, an IT 'group' is an outmoded way of thinking. IT should become a decentralized, organic part of the company. As the MySpace generation enters the workforce, I think that we are going to see more and more of this. And it's a good thing.



A wayward journey into the depths of sanity

© 2022 Greg Nokes

Creative Commons License