Shadow IT (noun)
(formal) Information technology systems, solutions, or software employed within an organization without formal approval or oversight.
(reality) What happens when employees play tech ninja because IT approval processes are too inflexible or cumbersome when it comes to evaluating emerging technology.
Today, Scott Brinker posted on the notion of Shadow IT on the chiefmartech blog. Scott, VP of Platform Ecosystem at Hubspot, is a thought leader on corporate IT and marketing IT topics. What is admirable about Scott is how he engages his audience and shows his work. Never dogmatic, Scott is one of those rare breeds of experts open to the notion that his ideas are not carved in stone from on high and instead are starting points for dialogue.
Let the dialogue commence.
It’s the CIO’s Fault
When I worked in the CIO’s office at IBM, I was not a good fit for the organization. Most IT executives were elevated because they were rule followers. Like many corporate organizations, the higher one got in the organization, the less it seemed to matter who you served and the more it seemed to matter how well budgets were managed and policies were followed. Discussions with stakeholders became defensive actions to be undertaken at rare moments.
I snuck into the CIO office from the sales organization. My General Manager wanted someone on the inside, and a few fumbled balls by the IT team allowed her to nominate a candidate. My phone rang while I was planning to relocate to Europe for a new job. A new plan emerged: I relocated my office to the corporate backwaters of Somers, NY.
I became the “CIO” for digital sales and aimed to advance the cause of my stakeholders from within. I was not a big fan of rigid stuff. My previous roles with the company involved experiments with emerging tech, fixing broken toys, and calming excited execs by righting projects that had foundered. The routine and rhythm of corporate IT frustrated me. I was fortunate to have a few bosses who tolerated and, in some cases, leveraged my divergent streak. But don’t underestimate the power of culture. Over time, I became far more convergent than divergent.*
Whenever my stakeholders had a request that was outside the bounds of what was supported, it went through a long and arduous approval and budgeting process before it was denied. This was enough to thwart flowers from blooming in the olden days. However, once the app economy emerged and folks started walking around with supercomputers in their pockets, there was little one could do to prevent gardens in every pocket of the organization.
Was it the CIO’s (my) fault? You betcha. The world shifted, and they (I) failed to figure out how to integrate this new landscape into our thinking and our processes. For many businesses, the risk of new tech is low, and the benefits of experimentation are high.
Should CIOs consider bringing Shadow IT into their fold? Absolutely not. While governance and policy have a role—security and privacy are important for every business—ownership of the technology should rest close to where the value is created. CIOs should embrace the Five Rings of a Tech Stack.
The Five Rings
Scott has a knack for visualizing things, and his post includes a graphic that illustrates the Five Rings of Corporate IT. I had a quibble with the size of each ring, but when I read about the data from Zylo, I discovered that most companies have more budget in department-owned IT than central IT. Good for them!
As I commented on Scott’s LinkedIn post, my bigger quibble with this visualization is that I think the X-axis is mislabeled. This graphic implies the distance from the center of the tech stack. I think the better description of the X-axis is “Scope of Utility.”
Things that become highly centralized are usually those applications that have broad utility to the enterprise—perhaps as measured by the amount of expense, revenue, or risk they affect (e.g., financial systems, ERP, maybe CRM)—while those further out in the ring have individual or team utility.
The downside of centralization is that utility to the individual is diminished, so utility for the average user and expense to the enterprise are optimized. Anyone who has tried to use an ERP or configure a CRM system has wondered who precisely the screens and workflows were designed for. They’re designed for everyone, which results in them being designed for no one. Thus, a yearning is created for something better. Shadow IT emerges.
While centralization or destruction has historically been the default reflex when unapproved IT is discovered, acceptance must be the new norm. Shadow IT has not been in the shadows for some time. Let’s embrace it.
Shadow IT is real IT
I made a snarky comment a few weeks ago, also on one of Scott’s posts: “You say "Shadow IT". I say "The best IT"“. I truly believe this. No enterprise ever innovated IT by making its ERP system more effective. In fact, IBM spent over a billion dollars a decade or so ago in a failed effort to implement a new ERP.**
But look at all those folks who snuck in Slack, Coursera, LI Sales Navigator, or Calendly. Those technologies provided a lot of value for the communicators, learners, and sales reps in ways that the centralized corporate app could never do for a fraction of the cost.
As I mentioned to Scott, the Shadow IT process eventually feeds the centralization model, which, unfortunately, creates more Shadow IT. Slack licenses paid on corporate cards eventually led to enterprise licenses. I’m all for those economics. What I’m not for is actual centralization. That’s how value gets destroyed. It happens in one of two ways.
First, some well-meaning CIO employee decides to explore alternatives to this expensive corporate license. They discover a cheaper, second or third-tier, application that does messaging. Suddenly, utility disappears as centralization regresses everything to the mean.
Second, another well-meaning CIO employee decides that Slack should be the standard eliminating all other messaging apps. Software engineers who built their workflows around Discord are migrating to something with far less individual utility. The result? Suddenly, Rocket.chat starts appearing on computers.
What am I for? In short, no change. And while we’re at it, let’s figure out a way to redirect those well-meaning CIO employees trying to optimize the Shadow IT.
IT with individual and small team utility is part of the landscape. Scott’s post suggests we redefine IT. I think it’s already been redefined. Shadow IT is individual IT. There’s room for it in the landscape. Just as we want employees to innovate in how we compete in the market, we also need to accommodate employees’ need to innovate how that work is done. Leave Shadow IT alone.
Shadow IT is real IT.
* Why is there no word “vergent”? The are words with the modifiers con- and di- but no root word. It isn’t convergent, it should be vergent.
** Execs involved in the failure were summarily given better jobs. I don’t recall anyone getting the axe. The rot in large organizations is well hidden from shareholders.