July 17, 2012 | By Rey Villar
Every organization I’ve had the pleasure of working with in 14 years of consulting has had a huge number of non-productionized, business critical applications. The importance of these tools is undeniable – and their reach is frightening. The business units that build and maintain these rogue applications don’t take lightly to suggestions to stop using them. Ask them to. Just try.
No self-aware IT manager likes to recognize the ubiquity of applications built using shadow IT. The IT shop views such work with distrust.
These Excel workbooks, MS Access databases, stored procedures, SAS and SPSS jobs reside in a parallel universe with a different set of governing principles.
Projects built outside IT have little patience for lack of a centralized platform, enterprise tool, methodology, or IT governance. A business need was recognized, some very competent business analysts cobbled together data and code into an application, and the business need was satisfied. An effort that might have taken the IT shop six months and several hundred thousand dollars was completed in a month without a discrete budget or an IT resource. The ‘Kid’ database or ‘Fred’ application survives long after their namesakes moved on. It’s not beautiful. It won’t win industry awards. But despite the absence of the IT shop, it works.
As IT professionals, we need to understand what drives such undertakings. The rule is slightly different from the convention. “If you build it, they will come” changes to “they’re building it – with or without you” and often “they built it, before you got here.” The business labored to meet a filing requirement, to drive a mandatory report, to craft a key competitive analysis, or fulfill a request from a departmental manager. “They” built it because the IT shop balked at the timeline proposed by the business. “They” built it because business strategy prioritizes survival over process.
We all cringe knowing that applications residing in this parallel world will continue to play a critical role in running our organizations for a very long time, despite the risks.
As long as IT is hobbled by the inability to build fast, efficient and proactive rather than slow, calculated and reactive, we’ll have shadow IT.
Somewhere between those two operational modes must be a way to bring shadow IT into the light.