Modern IT departments typically employ one of three strategies to contain and control the proliferation of consumer technologies, or "shadow IT," within the enterprise, according to Yankee Group. First is the "Seek and Destroy" approach, in which IT altogether bans the use of consumer technologies; second comes the "Solicit and Support" tack, where IT accepts the technologies staffers introduce into the network and adjusts its infrastructure accordingly; and finally, some IT departments choose the "Acknowledge and Ignore" response to consumer technologies, letting staffers use whatever applications and services they please without tweaking infrastructure.
However, none of these strategies harnesses the true collaborative power of consumer technologies and can lead to chaos in the IT department, according to Yankee Group's July report, "Zen and the Art of Rogue Employee Management." The research firm suggests that IT embrace consumer technologies via a "Zen-like," internal customer care cooperative model where "consumer technologies work side by side with enterprise applications and devices."
"Consumerism will be a nightmare for IT departments, creating maintenance and support problems that will swiftly overwhelm IT resources unless they embrace new approaches to managing the rogue employees," the report reads.
Under an IT care co-op system, IT provides employees with the necessary tools to find a balance between end-user and IT-supported applications and devices, according to Yankee Group. Administrators don't set specific policy and enforce regulations; rather, they create general guidelines to follow and nudge users in the right direction.
More On Shadow IT
What follows is Yankee Group's set of four best practices to help move your organization toward an effective IT care co-op system:
1) Facilitate an Online Social Networking Community Within the Enterprise
Wikis and blogs can help employees solve technical problems without reaching out to IT, because users can post messages detailing fixes to past issues with their hardware or services. Staffers can also pose questions on wikis or message boards, in which other staffers can help resolve issues. IT departments should do some digging into which consumer applications are currently being successfully used within enterprise walls and then build infrastructure for online communities around these widely used technologies. For instance, if AOL's AIM instant-messaging application is already in use, consider integrating that service into your new community infrastructure.
To encourage participation and high-quality posts, both a ratings and incentive system should be implemented. Such systems can also help separate helpful material from less useful content because users rate each post, according to Yankee Group. Points can be awarded to users who consistently post quality content, and a certain number of points can be traded in for goods or prizes like gift cards or American Express gift checks.
2) Set Security Baselines
IT should devise a baseline security policy that covers the specific technologies in use and ensures that users follow the rules. For example, wikis are meant to be open and unrestricted, but in cases where strict authentication is required, users should be able to simply apply their existing access permissions to pages or content without direct IT assistance. Collaboration software that's flexible enough to allow users to tweak their own profiles and add relevant information is also a plus because it puts more control in the hands of users.
Organizations should seek out wikis and other collaborative technologies that can be "stitched" into their existing infrastructure without violating security policies. Yankee Group suggested looking into wiki technologies from companies like JSPWiki and Media Wiki because they let enterprises employ their existing Lightweight Directory Access Protocol (LDAP) or Active Directories for user authentication. Josh Holbrook, the Yankee Group analyst who authored the report, also recommends wiki technologies from Socialtext and Atlassion. Users should have the ability to "set up, define and tear down" their own communities, so IT doesn't become bogged down with minor tweaks and enhancements.
Clear parameters and expectations should be set from the get-go. IT should also make clear that all activity on enterprise wikis and collaborative technologies will be monitored and services will be shut down immediately without questions if management sees the need.
3) Provide Corporate Recommendations
IT knows best when it comes to which consumer applications and devices will function effectively on corporate networks, and therefore IT should actively participate in the community dialogue. IT should not dictate which devices or services are acceptable—unless, of course, an application or device violates security policy. Instead, IT should offer up information on which devices and apps have worked most successfully in the past.
"Advice from IT in conjunction with employee ratings of devices or services provide a well-rounded perspective on which consumer products are best suited for the enterprise, thereby facilitating easy deployments," the report states.
4) Provide Incentives to Prevent Circumvention of Care Co-op Tools
Many staffers will resist the shift toward an IT care co-op, and attempt to contact IT directly as soon as an issue arises. IT should create specific processes to encourage and assist users in becoming comfortable with the new system.
First off, users should know that IT will give priority to staffers who've tried to obtain help from the community site first. Use of the community site for help is also reinforced by the incentive systems mentioned above.
A typical community help system works like this: Users with a problem or question start by searching the community site for answers. If a user cannot find a resolution, he or she then posts a question for other members. If the problem remains unsolved after a certain time period, the user may reach out to IT electronically through a system integrated into the community site. In other words, the user can IM or e-mail IT without ever exiting the site. Finally, if the problem persists, the user calls IT on the phone with a reference number that the community site generated when the user reached out to IT electronically. The reference number serves as proof that the user went through the appropriate channels first, and the problem should be prioritized.
What's Holbrook's advice for CIOs interested in transforming their IT department into an IT care co-op?
More On Shadow IT
"I recommend CIOs launch and learn. The knee-jerk reaction of most IT organizations is to go through an obscenely long due-diligence period that eats up a year of everyone's time," Holbrook said. "The technology used for an IT care co-op is sufficiently simple that this approach works."
And is such an environment effective in all enterprise settings?
"CIOs who don't trust their constituents or view IT's role as a guardian who decides how and when employees should work are not culturally suited for this approach," according to Holbrook. "One simple litmus test I use frequently to gauge whether an IT organization is well suited for a care co-op is to ask how they view instant messaging. If they feel it's a gadget that employees use to fritter away their time, then move on. However, if they see IM as a productivity-enhancing tool for employees, then the conversation around a care co-op is worth pursuing."