Rogue IT Driven By Need For Speed - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
IT Leadership // IT Strategy
Commentary
4/11/2014
09:06 AM
David Fowler
David Fowler
Commentary
100%
0%

Rogue IT Driven By Need For Speed

We've lost control to business users before. But this time, the thing that initiated our pain (the cloud) may also be the cure.

Over the last 35 years I've seen technologies come and go. For the most part, I can drop them into one of three buckets. (Keeping track of more than three is tough at my age.)

The first bucket is technologies that move the industry forward -- Ethernet on twisted pair instead of coax, mini computers instead of mainframes, routers instead of bridges, tablets instead of laptops.

Second are technologies that are the equivalent of pet rocks -- lots of fanfare, big flash, didn't last in the real world. I have a few in mind, but in the interest of not starting a flame war, I'll just ask you to share your favorites in the comments.

The third, and smallest, bucket holds tech that disrupts the way we do business. Users won't wait to adopt these technologies through normal IT channels. They find ways to bypass controls in the name of business growth. Who hasn't read about the difficulty of dealing with BYOD? Stopping the use of mobile devices for work is about as likely as cleansing the Internet of that embarrassing YouTube video. Another poster child for rogue IT is SaaS applications that allow users to move faster than the traditional IT model.

Their justification: "It's just a tool, and it will help me meet or beat my business goals."

If history repeats itself, and I'll give odds that it will, at some point the cost and risk of using disruptive tech without IT involvement will exceed the short-term benefit. I'll also give odds that when IT is called in to clean up out-of-sync data, provide appropriate security, and assure there is a backup and recovery system, it will be cloud technology and services that will help us get things under control. It's actually a predictable cycle. Let's look at the three steps that rogue IT will go through in its latest iteration around cloud apps.

The InformationWeek 2014 Strategic CIO Survey shows IT executives worry about implementing fast enough to satisfy the business. No wonder rogue IT is a perennial problem.
The InformationWeek 2014 Strategic CIO Survey shows IT executives worry about implementing fast enough to satisfy the business. No wonder rogue IT is a perennial problem.

Speed vs. control: Speed wins.
When a business unit gets its hands on a new technology it can use to accelerate operations, that tech will spread like water finding the path of least resistance. After all, it's unhindered by policies, purchasing red tape, and security and compliance concerns. When faced with the tradeoff between waiting for normal policies and controls to be put in place (the brakes) or the business moving fast to compete more effectively (the gas), speed wins.

Speed vs. risk: Balancing act commences.
At heart, risk is "impact x likelihood." I can say from experience that sometimes even low-likelihood situations (like not sending flowers on my anniversary) can create very high risk. This is the analysis CIOs must do to determine when the risk to the company exceeds the value to the business or department. Ignoring compliance, for instance, may reap benefits for a business unit -- until an audit finding embarrasses the CEO in front of the board. Quantifying risk may be just as difficult as getting the technology under control, but it moves the discussion from being about technology to one about business.

Speed vs. pain: Ultimately, pain wins.
All things created equal, when the pain to the business of managing a rogue technology exceeds the value it provides, something gives. Frequently, that "give" is an effort to transfer the pain to someone else... like IT. It's not a question of if this will happen with cloud, only when. The business has no interest (or expertise in most cases) in managing security, compliance, SLAs, or technology administration. I don't know many sales departments that can assess the security issues of that cool new mobile app they're using, or marketing departments that can manage a PCI audit of their cloud vendor.

While all this may fall on internal IT, we now have the option to use new cloud technologies to shift some of the pain to outside services. Your first step should be to investigate what the providers that business units have contracted with can do for you. They want to keep that business, and they get that working with IT is how that happens.

As for business departments going rogue with IT projects, first and foremost, heed the old adage -- if you can't beat them, join them. Don't get mad, get in front of the curve by providing guidelines that the business can use to evaluate a hosting vendor or software company in the areas of security, compliance, and support. Be a partner, not an adversary.

If IT resources allow, offer to send someone to consult during the selection process so that IT is involved without being an impediment.

Finally, document the risks associated with any rogue projects that you get wind of, and share that information. You may not stop a department from doing something stupid, but it's important to make business managers understand and accept the risks they're taking. Just keep in mind that, as the CIO, you are still on the hook for the results -- as I found out when the florist didn't deliver those flowers.

You can keep only three security products. Which ones stay? Tell us in InformationWeek's 2014 Strategic Security Survey and enter to win a 64 GB iPad or a one-on-one consultation with the report author, Michael A. Davis.

Dave Fowler is currently vice president of marketing for INetU. Fowler is a veteran of the software industry, with more than 35 years of industry and senior management experience in marketing, product management and development, business development, and sales. His most ... View Full Bio

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Charlie Babcock
50%
50%
Charlie Babcock,
User Rank: Author
4/14/2014 | 3:12:38 PM
Pain rules but is that rational?
The axioms that speed always wins and pain rules are true enough all too often, but I'm not sure well run companies would hold them up as guidance. It seems to me a  CIO engaged with other executives can teach the business to avoid some hazards leading to pain, even while tolerating some amount of shadow IT. It's simply irrational fire-fighting all the time for the business to allow speed to win and pain to rule in every case.
Lorna Garey
50%
50%
Lorna Garey,
User Rank: Author
4/11/2014 | 10:45:54 AM
SaaS Smarts
I find it surprising that SaaS vendors are not all over the typical IT concerns (security, performance, integration with internal systems, data portability). This is a pretty mature area. Do you see SaaS vendors, even smaller ones, begining to be more proactive in this regard, or are they in general betting on the business to beat IT into submission?
InformationWeek Is Getting an Upgrade!

Find out more about our plans to improve the look, functionality, and performance of the InformationWeek site in the coming months.

Slideshows
IT Leadership: 10 Ways to Unleash Enterprise Innovation
Lisa Morgan, Freelance Writer,  6/8/2021
Commentary
Preparing for the Upcoming Quantum Computing Revolution
John Edwards, Technology Journalist & Author,  6/3/2021
News
How SolarWinds Changed Cybersecurity Leadership's Priorities
Jessica Davis, Senior Editor, Enterprise Apps,  5/26/2021
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
Planning Your Digital Transformation Roadmap
Download this report to learn about the latest technologies and best practices or ensuring a successful transition from outdated business transformation tactics.
Slideshows
Flash Poll