What I mean, of course, is that we need to stop using the phrase, “Shadow IT.” It is completely non-descriptive of exactly what we mean. You want “ninja IT” so that employees can stop being prisoners of IT. Let me explain.
As you know if you’re a regular reader, my contention is that there is WAY too much tech embedded in every aspect of modern life and business for IT to have a direct span of control over it all. The CIO’s role must change from service provider of all things to enabler of all things. We have a business case to do tech internally? Do it. We have a business case for IT to be heavily involved in app integration with a cloud provider? Ok, we can do that. But, does IT need to personally be involved in a use case for SaaS with a low risk profile and no integration needs? Not unless we want to seriously overstaff IT and micromanage every line department.
Life has changed. We used to have a centralized print shop at most large enterprises. Not anymore. Do I mean that IT is going away? Hardly. But it is not a leap to say that we have already entered an era where IT is not the sole source service provider / bottleneck for the entire enterprise. Being the bottleneck did not buy us breach security, so don’t even go there.
We need to stop referring to “external” service providers as “shadow” and start using a more specific term.
What do I mean? “Shadow” seems to encompass “IT won’t help us, so we did XYZ by ourselves,” as well as “IT understood that there are some tech decisions that we can make on our own, and enabled us to act independently and safely.”
One is a “prisoner/warden” relationship. The other is an “actor/protagonist” relationship.* Which do you want to be? Which do you want to have at your company?
The Prisoner/Warden Relationship
I suggest using the term “rogue IT” when we mean the results of the “prisoner/warden” relationship. Employees go rogue, not because they want to be bad, but because they need to get their darn jobs done.
Working entirely outside of IT in a sneaky manner is still bad, of course. So how do we prevent it?
If you’re a business leader, focus on the IT and business relationship. Don’t tolerate IT leadership acting in a unilateral and fear-based, irrational way. Encourage line of business staff to comply with reasonable IT guidelines so that IT, with general cooperation from employees, can be more effective in securing the organization. Help employees to understand that when you comply with security guidelines, that means MORE freedom in other areas. IT sometimes gets wigged out when employees are non-compliant with guidelines, and they just lock everything down, which doesn’t help anyone. But also help IT to understand the credibility equation. Having overly burdensome rules, poor customer service, or unreliable systems erodes IT’s credibility, and makes employees tend NOT to want to consult the IT organization at the beginning of a business tech initiative.
If you’re the CIO or other IT leadership, by creating guiding principles that help staff to understand that IT is there to serve and protect, not imprison and disable. Seek to understand what business needs really are. Don’t let fear be a substitute for earnestly helping a business unit to evaluate a cloud service and determining whether IT actually needs to be deeply involved or not.
The Actor/Protagonist Relationship
How about the “actor/protagonist” relationship?
It’s the healthier relationship, to be sure.
I don’t know what to call this type of IT. My colleague Lori MacVittie laughingly suggested “Ninja IT,” because, you know, Ninjas. But there’s got to be another term. “Enabled IT” is just way too dorky. “Collaborative IT” sounds like something a consultant with a better suit-and-tie than a brain would say.
So I think I’m back to Ninja IT. Go forth and enable it. And by all means, if you have a better term, let me know!
* I originally wrote “guest/concierge,” but I think it is less servile than the guest and a concierge would imply. I got the idea of IT as a protagonist from Accenture’s Mark McDonald, which I described in an InformationWeek column a few weeks ago.