How Freddie Mac brought shadow business apps into the light

LinkedIn

Your internal business partners decide the IT department is too slow. So they retreat to the shadows, hire their own development shops, and commission new applications. You are happily oblivious to this covert behavior until something goes wrong. Then it’s your job to step in and scale, secure or save the applications. If only you had been involved from the start …

Sound familiar?

When Rob Lux became CIO of Freddie Mac in 2010 he received a report that said the company had more than 2,000 “end-user computing applications” (EUCs).  “The attitude in IT was, ‘OK business, have your EUCs, but you’re on your own,'” Lux says. “‘If something bad happens, deal with it yourself.'”

Attitude notwithstanding, IT inevitably stepped in when a EUC that had become critical to the business, was unable to scale. Beset by the performance crisis, the EUC owner told IT that they needed to “productionalize” the app. This situation was stressful for both IT and the business, and there had to be a better way. 

The IT team set out to improve its relationship with its business partners in the longterm and to deal with all of those EUCs in the short term.

Freddie Mac’s approach to handling EUCs

The senior IT leadership team considered the strategy of hiring a firm to reverse engineer the EUCs into applications, but they quickly rejected that idea. “Converting EUCs to apps is like draining the lake as the river fills it up on the other end,” says Lux. “People will keep building new EUCs, so the vendors leading the reengineering effort would have employment for life.”

Instead, the IT team prioritized the different EUCs they found and brought the critical applications out of the shadows. They made sure that those apps had support, disaster recovery, security, and everything else that a big app needs. But Lux’s team decided the same level of centralized control wasn’t needed for the smaller, non-critical EUCs.

Once the IT team relented on centralized control, they came up with an innovative idea: build an enterprise platform for EUCs, and instead of converting the EUCs to applications, migrate them to the platform. New EUCs, regardless of who did the development, would be built on the enterprise platform, as well.

“If people need an app to do a little piece of their work that isn’t critical to our business or isn’t SOX related, why do we care?” Lux says. “Why do we need to control everything? Let’s let them do their jobs.”

Freddie Mac’s 3 steps for building a EUC platform

For Lux and his team, the first step toward building the new platform was documenting all of the EUCs in use. They were in good shape, because Freddie Mac already required EUC owners to register their apps in a central repository. So IT didn’t have to spend a lot of time on this first, critical step of documentation.

The IT department had also completed a comprehensive inventory of EUCs. “They thought, ‘No other firm has this many EUCs!'” says Lux. “I told them that I had worked in companies that had just as many EUCs as Freddie Mac. But because they didn’t do an inventory, they may not have realized it at the time.”

The next step was to determine which technologies the EUCs used as a prelude to developing a managed platform where they could reside. “If your business managed applications are using very diverse technologies, you will need to determine whether you can standardize on just a few and convert the others,” says Lux. Fortunately, the EUCs at Freddie Mac tended to use SAS and the Microsoft stack, so building a managed platform was relatively straightforward.

The third and most critical step, of course, was building trust between the business units and IT. As a part of establishing that trust, IT set up an EUC governance group, designed to bring IT closer to the business units in collaboration on new functionality. “Sometimes you have shadow IT because the business unit just doesn’t want to deal with IT,” Lux says. “If they trusted IT, they would never have built the EUCs in the first place.” 

EUCs come out of the shadows

Freddie Mac’s IT department launched this three-step plan, and within 18 months the percentage of critical EUCs running on its managed platform increased from 8 percent to 77 percent. “This does not mean that IT manages these apps,” says Lux. “IT manages the platform they sit on. Through that platform, we can guarantee that the apps have backup, disaster recovery and data encryption, but the EUC owners can make their own modifications.”

Lux and his team are very happy with the EUC platform, the way it brought end-users out of the shadows and readied them to partner with IT. But Lux says there is still work to do. “We want to get to a point where there is no distinction between an app and an EUC. But for now, our business units know their  IT department is not out to shutdown EUCs. IT is just here to support our business.”

About Rob Lux

Rob Lux is the executive vice president and CIO of Freddie Mac. He is responsible for the company’s IT assets and services, and oversees end-to-end technology solutions that ensure delivery of strong operational platforms and integrated services throughout Freddie Mac.

Prior to joining Freddie Mac, Lux was a principal at Towers Watson and was responsible for leading teams on three continents in the delivery of commercial risk modeling applications for the insurance industry. He has more than 30 years of experience in the IT industry and 10 years experience in the mortgage industry. Lux earned an Masters of Science in the Management of Technology from the University of Pennsylvania, and a Bachelors of Science in Commerce and Engineering from Drexel University in Philadelphia, Penn.