The trouble with rogue IT, a service provider perspective

With the migration to the cloud in full swing, rogue IT can be a problem for companies when employees bypass corporate IT and sign up for cloud services. To get his take on the problem and solutions, I spoke with Peter Kraatz, national practice director of cloud service management at Datalink.

Peter opened the conversation by commenting that if IT does not change the way they engage the business, rogue IT will only get worse. Part of the problem is that IT does not understand the business. At a conference a while ago Peter asked a group of CIOs what McDonald’s does. Nine out of 10 CIOs responded that McDonald’s make hamburgers. Wrong! Franchisees make the hamburgers. McDonald’s is a real estate management and an intellectual property firm. McDonald’s buys real estate, renovates buildings, and they sell or lease this to franchisees. They design new ways of making hamburgers; they develop menus, they design systems. This intellectual property is then licensed to the franchisee.

Datalink

Therein lies the problem. If CIOs don’t understand how McDonalds makes their money, how do they hope to understand how vastly more complicated organizations, e.g. like a manufacturing company, make their money? Sometimes IT is stuck in the plumbing, lacks imagination and doesn’t understand the business. To be successful, IT must understand the business, and be part of the business conversation. IT can, for example, employ a marketing person from inside the business on their team to understand how data-driven marketing has become.  IT people also need to get firsthand business experience and understanding. Peter’s comments echo a similar approach that was advocated in a recent interview I had with Abe Lietz, CIO at Curves Jenny Craig.

Peter commented that this kind of cross-pollination is good for everybody. With the cloud economy, IT must be explained in a way that the business can understand. That means phrasing IT services in business language, typically in terms of the work that must get done. The business is willing to engage IT for any number of things, but they need to know what is possible.

IT and the business have a common enemy in entrenched bureaucracy, which can rear it’s ugly head in many places like compliance, finance and even in IT itself. It can take the form of inertia, e.g. we have always done it that way. It also appears when somebody who has control of a fiefdom is threatened. For example, Peter was working on a backup and recovery engagement with a client in the Bay Area. To advise them on an effective solution he needed to understand their retention policy, but the compliance office cited confidentiality and refused to turn that information over to his team. They would not even share this information with their internal people!

Another major factor that plays into the rogue IT equation is the Dunning–Kruger effect. This is a bias where people overestimate their skills, capabilities, knowledge, etc. and underestimate their weaknesses because they don’t know what they don’t know. They tend to believe they are experts when they are the furthest away from being an expert. People in the business can fall into this trap when selecting software, for example by totally underestimating the difficulty of gathering all their requirements. On the other side of the coin, the people who truly are the experts underestimate their competence, their capabilities and overestimate their weaknesses because they have such a good understanding of the real problems involved.

Dunning-Kruger doesn’t tell you how to solve the problem, but it does explain the symptoms. The people who should be telling you the answers don’t want to get it wrong, so they don’t answer effectively. The non-experts overestimate their capabilities, underestimate the problems and invariably make very bad decisions. Peter commented that the interchange of ideas between IT and the business prevent people from getting locked into just one way of looking at problems, especially when they have always “done it that way.” Different perspectives on the same problem lead to better solutions.

To conclude, the path to minimizing the impact of rogue IT is one where IT needs to improve communication with the business, which takes place in two areas. First, IT should go into the business and understand their problems. Secondly, IT needs to communicate their services with the business in terms the business can understand, i.e. in the language of business. When IT is accessible to the business, communicates with the business and partners with them in a consulting role, rogue IT is far less likely to be a problem.