by Byron Connolly

The perils of shadow IT

Jun 12, 20144 mins
Cloud Computing

It’s happened to many CIOs: End users, thinking they know better, whip out their credit cards and buy technology services without consulting anyone in the IT team.

The result? Confused business owners who don’t necessarily receive the services they need and can’t answer critical technology questions from the cloud service provider.

They eventually need to turn to IT. This is exactly what occurred at Perth mining and civil construction firm NRW Holdings.

The organisation’s IT group provides technology to three independent business units. Fairly recently, these units purchased software from a third-party cloud provider under an ‘as-a-service’ agreement.

NRW’s head of IT, Robert Kolzan, who was part of a panel session at the recent CIO Summit in Perth, said the business units were looking for quick delivery on several applications.

“They weren’t core applications – they were specific to what [the divisions] were trying to achieve in HR with learning and development,” said Kolzan.

The staff used their credit cards to purchase products – including a learning management system – only to discover that NRW needed to provide its own platforms to enable functions such as single sign on and data integration.

“They were all items that were in the contract with the provider, however they didn’t realise that they needed to provide the platform to do that,” said Kolzan.

“When they started hearing things [from the provider] like ‘Is your Active Directory federated? How are you going to get data over to us?’, the red cards came up and the business had to engage IT.”

Of course, this was the first time NRW’s IT group had heard about these services.

“The unfortunate part was that in some of these instances, money was burnt on the actual implementation of [systems] because what was being offered by the cloud provider – the product as a service – was not exactly what the business wanted,” said Kolzan.

This meant that NRW needed to get the cloud provider to adapt its product to meet the organisation’s needs. According to Kolzan, this was not something that the cloud provider was able to do.

“As you can imagine with products as a service, they have a product which they offer and their business model is based on being able to sell that product to as many customers as they can as quickly as possible.

“So development of that product and changing it in its core wasn’t what they were able to do. We [realised] that we had made some mistakes and [had to] settle for 70 per cent or 75 per cent of what we initially thought we were going to get [from the cloud provider] versus 100 per cent for the deliverable,” he said.

How was the problem fixed?

NRW Holdings’ IT team set about fixing the issue by putting in place governance around technology purchases and informing executives inside the business units that they need to be clear about their requirements.

“We [the IT group] are now the first stop when it comes to looking as products as a service for the business,” he said.

The IT team has also had to develop skills internally particularly around contract negotiations with cloud providers, Kolzan said. Technical documents need to be reviewed in a very short period of time, he said.

“It wasn’t a reorganisation of IT but we had to reinvent ourselves internally and work a lot closer with the business.

“It comes back to that quick turnaround of that product to the business. For us to go and develop some of this internally – it would take at least six months – but with the business going out to the cloud, the turnaround for them … was a matter of weeks,” he said.

Kolzan said providing cloud-based services is the way forward for the organisation in selected areas.

“We are currently moving from our disaster recovery centre with hosted equipment to disaster recovery in the cloud and that’s [due to] market situations in the mining industry at the moment.

“When the disaster recovery centre was first in place for NRW, the IT department had an open cheque book, they could go out do what they wanted, they purchased some great hardware and rented great facilities.

“But now the realisation of the cost of that to the business is ‘well do we really need to be able to recover within hours, could we go without [some services] for a number of days and what is the impact of that?'” he said.

Follow Byron Connolly on Twitter:@ByronConnolly

Follow CIO Australia on Twitter and Like us on Facebook… Twitter: @CIO_Australia, Facebook: CIO Australia, or take part in the CIO conversation on LinkedIn: CIO Australia