Is Shadow IT a problem to be stopped? Or is it a way for SMB CIOs to get more done with less?
As CIO of a mid-market manufacturing company, I am often confronted by the tough reality that my small team does not have the resources to provide solutions for every technology need that arises in the company. As much as we hate to let down our co-workers, we have no choice but to prioritize projects and do our best to make sure that the core needs of the company are being met, and that we are spending our time and money where it can best support the key goals and objectives of the business.
Sometimes, we try to fit in more projects, hoping that we will find the “spare” time to provide even a little relief. But these side projects often end up languishing so long that we wish we hadn’t offered to try to fit them in.
Eventually, some departments or individuals conclude that their only hope is to take matters into their own hands. They either make a purchase or cobble together something on their own that gets the job done. They may or may not let the IT department know what they have done.
Eventually, all these little systems take on a life of their own. They get modified, added to, and distributed. And they often build up silos of data that find their way onto reports. We now have a tier of technology that is managed outside of the IT department, which is referred to as “Shadow IT.”
Shadow IT can sometimes meet short-term needs adequately, the long-term ramifications can be a big problem. Security concerns arise, since there may have been no efforts made to secure these make-shift systems. Underlying software may miss updates and patches, leaving holes for hackers to exploit. And when problems occur, like questions about the validity of data on reports, or coding errors, the IT department may be called in to fix it and wind up spending unplanned resources trying to make it work right.
A common response to Shadow IT is to try to prevent it by locking down systems or putting in place policies that discourage or disallow technology projects outside of the IT department. While this may alleviate the main problem of data silos or technical debt, it also tends to pit IT against the rest of the business. To simply say “we don’t have the resources to tackle this need, but you aren’t allowed to do it yourself either” will not win any allies.
A Better Approach
In an SMB, we are tasked with doing more for less. We must find ways to provide solutions to business problems that don’t necessarily fall under the IT budget. Rather than try to keep all tech projects under the umbrella of IT and prevent other departments from building their own, we can bring Shadow IT into the light by providing guidance and governance. This way, the CIO and the IT team can be seen as providing solutions without necessarily having to do the work themselves.
With this governance approach, some portion of the IT professionals’ time will now be spent enabling power users to solve their own problems. Systems can be put in place to empower non-IT business departments while ensuring that the data comes from approved sources, security concerns are met, and proper maintenance is observed such as regular backups and software updates.
Enter the Citizen Developer
According to Gartner’s Information Technology Glossary: “A citizen developer is an employee who creates application capabilities for consumption by themselves or others, using tools that are not actively forbidden by IT or business units. A citizen developer is a persona, not a title or targeted role. They report to a business unit or function other than IT.”
These power-users know their business best. They know what their pain points are. They know what processes they want to automate. They know the details of complicated calculations they need to perform. And often, a citizen developer will have great ideas of how to solve those business challenges.
They just need the right tools that have been sanctioned by IT, with controls in place to ensure that they are used properly, and they may also need training and guidance from IT to get it done. There are many such tools available, including “no-code” and “low code,” which give power users the ability to create applications using drag and drop interfaces rather than complicated programming languages. Data entry screens with databases can be created, workflows can be automated, and dashboards created. Even artificial intelligence can be included. And it’s all getting easier and easier as technology advances.
For the SMB CIO, this provides a wonderful opportunity to stop telling the business “no” and start saying “yes.” It does require a change of mindset, though, and may require a change in the kind of team members we hire.
When all IT projects are primarily met through programming, we want the best, sharpest software developers we can get. However, if many of the solutions are delivered by the business users themselves, we need IT pros who have people skills. They need to be able to train users in the no-code/low-code tools. And they need to be able to focus on empowering the users to be self-sufficient, rather than just spending long solitary hours writing code.
The next time you hear about Shadow IT in your organization, take the time to investigate whether the innovative people responsible for “going around IT” could be deputized to help you accomplish much more than you ever could with a small team and a limited budget.