The world turned upside down: Conventional IT is rapidly becoming shadow IT

Millennial employees would find it difficult to believe that at one point in the not too distant past their corporate IT group exercised near total control over the use of technology within their companies. But IT veterans have fond memories of the “good old days” when IT had real power and prestige. Business applications were once so highly customized that they couldn’t be modified or upgraded without IT’s assistance; company-owned personal computers were the only ‘devices’ available to employees; and investment dollars were always available to put new, bigger better equipment into IT’s data center.

The good news is that technology has become deeply ingrained in the day-to-day operations of most business functions. The bad news is that IT’s role in selecting, implementing and managing many aspects of information technology has become increasingly marginalized. What happened? How did we arrive at this current state of affairs?

SaaS: The Great Awakening began shortly after the turn of the century with the advent of the software-as-a-service (SaaS) model of delivering business applications. Salesforce pioneered the introduction of subscription-based software services in many enterprises. At the time, contemporary prognosticators predicted that SaaS apps would have limited utility and would primarily be employed to support sales and HR processes. They were wrong. SaaS apps have become ubiquitous and currently support a wide variety of business functions. It’s ironic that outsourcing is considered to be such a massive threat to IT job security. The proliferation of SaaS apps has probably eliminated far more analyst, coding, testing and data center support jobs than outsourcing ever did!

BYOD: Many IT shops fought a losing battle in trying to deter the bring-your-own-device (BYOD) movement. They first tried to stop the introduction of Apple laptops within their companies. And after losing that battle, they made a second attempt to limit the freedom of choice of their end users when smartphones and tablet computers arrived on the scene. Attempts to restrict the variety and use of personal devices within the workplace have inevitably failed. Many IT organizations continue to fight a rearguard action to control access to corporate apps and data via personal devices. Mobile device management efforts typically produce mixed results and rarely achieve a total lockdown of corporate apps and databases — and they almost always frustrate (and sometimes infuriate) end users! 

Collaboration tools and freeware: It’s not uncommon for functional teams in many companies to employ task management, project planning, document sharing, videoconferencing or chat tools without the knowledge or support of IT. Small work groups can easily adopt such tools at little or no expense. They are becoming increasingly ubiquitous as the boundaries between mobile consumer apps and mobile business apps continue to blur. 

DevOps: Yes, even DevOps plays a role in disintermediating IT groups from their conventional responsibilities as product development teams assume more direct responsibility for monitoring production systems and responding directly to production issues.

Smart hardware: Conventional IT hardware vendors are embracing internet of things (IoT) design principles to improve the performance and reliability of their products. Next-generation storage, server and network devices continuously provide data regarding their health and performance directly to their manufacturers. In some cases, vendors have direct access to equipment on the data center floor and can take preemptive steps to correct, repair or replace equipment exhibiting anomalous symptoms or behaviors. Some of the historical activities that would normally take place within the network operations center are now superfluous – the machines are starting to take care of themselves!

Too sexy for my staff: Technology is still being used in highly innovative ways to propel strategic initiatives. Unfortunately, IT rarely gets to lead such initiatives because it lacks the relevant skills or is perceived to be too slow and costly to produce results in a timely fashion. For example, retail companies that want to adopt digital marketing techniques to establish highly personalized relationships with individual customers commonly set up separate teams outside their conventional IT and marketing functions to drive such efforts. Similarly, big data initiatives that leverage artificial intelligence and machine learning to forecast consumer or business behavior are typically sequestered in separate organizations outside the IT department. This is a clear case of history repeating itself. Similar one-of-a-kind organizations were created in the early 2000s to build and manage the first generation of corporate e-commerce platforms.

What’s left for IT to do if many of the department’s traditional responsibilities are being eliminated, end users are becoming increasingly self-sufficient and technology-based strategic initiatives are being undertaken outside of IT? What are IT’s key responsibilities today?

The answer is pretty thin gruel. One of IT’s remaining tasks is to architect and manage the company’s networks. This is a strategic responsibility but one that’s largely taken for granted. Another task that still falls to IT is the management of the company’s data center. If the data center is used to host revenue-generating systems, this is also a strategic responsibility, but if it’s just housing internal systems then it’s not that big of a deal. A third responsibility that IT continues to handle at many companies is maintainence of internal email systems. This is a highly visible role, but one that is likely to wane in importance as most email systems migrate to the cloud. 

IT also gets stuck with the dirty work of implementing systems and procedures that force a company’s employees to comply with information security policies. These responsibilities do little to advance IT’s prestige or popularity! 

Most IT groups also continue to maintain their companies’ ERP systems. This is a decidedly unglamorous task, but IT is stuck with the job because it’s the only group with a complete understanding of the customizations that have been applied to the systems in the past.

Finally, IT is responsible for managing the flow of data within a corporation. IT needs to ensure the integrity of the data employed within the company’s business systems; manage the synchronization and integration of data across multiple systems; and enforce data security and privacy safeguards. Proper data management is growing in importance at many companies. It will likely become one of the principal ways IT can deliver strategic business value in the future. 

Truth be told, network management, data center operations, ERP updates, security enforcement and data management are “shadow” activities in most organizations. Few executives or employees appreciate the issues and complexities involved in performing these functions. They are largely considered to be utilities – things that must be done to maintain business operations but add very little intrinsic value to the organization and can never be a source of strategic business advantage. 

IT executives have bemoaned the existence of “shadow IT” within their companies from time immemorial. Most of their complaints have been directed at functional groups and business units that have assumed responsibility for configuring SaaS applications and adopting collaboration and freeware tools. However, if you truly step back and look at the broader disintermediation of IT from its traditional roles and responsibilities, the changes are much more sweeping and profound.