IT must find a balance between control and end-user experience Credit: elenabs Not long ago, when business managers surreptitiously downloaded and used their own SaaS programs, it was called shadow IT. Today, business-managed IT has come out of the shadows and into the spotlight, Nearly two-thirds of organizations now allow business units to select technology that fits their own particular needs, according to KPMG’s 2019 Harvey Nash CIO survey. Among organizations that don’t permit it, over half say it still exists. While business IT can boost productivity and enhance product development, it also poses significant risks if it’s not managed properly. Here are some guidelines for getting the most out of business-managed solutions without harming the organization. Benefits The proliferation of no-code and low-code tools, and a proliferation of easily integrated cloud-native products has made it easier for business units to configure and manage their own applications, automation, and analytics and there’s no question that doing so brings advantages. “No one knows the business better than business managers. The traditional process of trying to communicate their requirements to IT, which then has to try to interpret and implement them, is a largely broken model,” said Steve Bates, principal and global leader of KPMG’s CIO Center of Excellence. According to the KPMG Harvey Nash study, companies that actively encourage managers to adopt and collaborate with IT on their own technology provide a better customer experience and release new products faster than others. As the world grows more digital, choosing the right software matters more than ever. By 2022, IDC predicts that 80% of revenue growth will depend on digital offerings and operations. Problems and Limitations If business IT is not well-governed, it can cause the organization a host of problems, the most serious of which are cyberthreats. Every new app increases the attack surface, offering hackers a new door where they can try to infiltrate the corporate network. Though business managers may not realize it, connecting to many third-party and open APIs can easily create cyber risk, Bates pointed out. “It is easy for the business to lose visibility and understand who is accountable for maintaining security on all the connected layers” says Bates. Even secured connections and apps are not designed to meet the organization’s compliance requirements and could lead to a failed audit. In addition, programs not run through a strong central governance and architectural review process may interfere with the performance of corporate apps. Another problem is maintenance and sprawl. Modern IT departments use zero touch deployment and automation to push software and updates throughout the organization with a single touch, keeping pace with recommended patch levels, security updates, and builds. Bates points out that business managers may not have the experience and sense of urgency to update their software promptly, which can lead to security and performance gaps. As unmonitored apps accumulate, the IT performance of the organization as a whole deteriorates. A Hybrid Model Organizations need to strike a balance between imposing controls so tight they don’t allow business units to innovate and ensuring safety and efficiency. While some apps can be run by business units with few problems, others should be left in the hands of IT experts. Business IT works best for simple, low-code applications that don’t require an engineering background to set up or manage. “Business units can unleash their creativity within bounds that IT can set,” Bates said. Robotic process automations created on platforms like Blue Prism or Appian are good examples. However, complex programs like ERP, custom apps, or any systems involving high risk security, network, or compute dimensions should remain under the purview of central IT. “To help bridge the gap, many companies are rethinking their architectural review boards, to include business managers as well as IT representatives”, said Bates. The boards hash out design standards, platforms, and features that provide business units with the leeway to do what they need while still adhering to a basic risk-based organizational framework. Emphasizing Business Value Business-managed IT is part of an overall organizational trend in which demonstrating business value and results are paramount. Central IT, too, has become more focused on business outcomes. “Instead of funding one platform or technology, then moving on to the next, IT is making smaller, more frequent investments directed toward specific results. If the results aren’t achieved, the technology is scrapped,” Bates said. “It’s what we call dynamic investment, and we think it will continue to mature,” Bates said. “We increasingly see a willingness for organizations to invest in smaller, modular, short-term solutions, knowing that they may move on to something else as the business needs change.” Business-led IT fits well with this new, more agile IT environment. Working together, business managers and IT can steer the organization with precision toward important digital transformation goals. To learn more about how dynamic investment can fit into your business-driven IT plans, click here. Related content brandpost Sponsored by KPMG Is Frictionless Application Security Possible? Fueled by new techniques and methodologies such as agile, DevOps and CI/CD, the pressure on developers to deliver faster has never been greater. By Yen Hoe Lee Sep 03, 2020 6 mins IT Leadership brandpost Sponsored by KPMG The Road to Modern Delivery: Low code development, market speed, and the Future of IT In our conversations with IT leaders, migration to digitally integrated operating models has taken on new urgency. By KPMG Aug 21, 2020 7 mins IT Leadership brandpost Sponsored by KPMG Why so fast? Navigating your path to Market Speed COVID-19 has fundamentally changed the way organizations operate, what their customers and employees expect, and has created opportunities for business model innovation. By Sebastian McCabe Aug 13, 2020 6 mins IT Leadership brandpost Sponsored by KPMG Becoming Cloud-Smart: The C-Suite’s Role Strategies for Integrating Cloud into Business Operations By Teresa Meek Aug 10, 2020 6 mins IT Leadership Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe