I’ve posted before about Shadow IT, but I want to revisit the subject – I think it’s a big issue that needs some more air.  I’ve been reminded of this lately as I work with a client with a neglected IT capability.  A new CIO has been brought in (the first sign that a hitherto neglected IT capability is now getting some attention) and he’s asked us to help him review the global IT operating model.

Among the challenges this CIO faces are a number of Shadow IT groups – small groups of people doing IT work around the company, but outside of the IT budget, governance, accountability or responsibilities of the “official, sanctioned” IT organization.  BTW, when I come across Shadow IT groups that are known/recognized, I always wonder about other Shadow IT groups that might be lurking so deep in the shadows that they are all but invisible.

Shadow IT groups are often a symptom of unmet (or poorly met) demand.  As such, they are prevalent in low business-IT maturity environments (i.e., demand appetite exceeds supply capability, so demand creates its own supply).  Paradoxically, they are also prevalent in very high business-IT maturity environments, although we would probably never refer to them as “Shadow IT.”  More likely we’d think of them as “power users,” or “embedded IT capability” and we’d encourage and celebrate such indicators of high maturity.  So, rule 1 – it’s important to know why you have Shadow IT.  If it’s a result of low maturity, I strongly believe Shadow IT needs to be integrated into the formal, sanctioned, budgeted IT operating model.  If, on the other hand, Shadow IT is a result of high maturity, then the right infrastructure for them needs to be provided, and they should be prodded and encouraged.

Why do I think Shadow IT in low maturity environments should be eliminated?  First and foremost, because they are a symptom of low maturity.  If you are going to eliminate them, you have to commit to (and act upon) improving the state of IT capabilities.  This is, of course, a good thing.  Additionally, Shadow IT groups are often unwitting impediments to improving IT capability.  If as CIO I don’t have the entire budget, then IT spend is sub-optimized.  If as CIO I don’t have control of IT standards, processes and practices, then it is that much harder for me to improve IT capability.  It’s not that some IT capability should not be embedded in the business – it absolutely should.  But exactly what to embed, when and how to embed it are important questions that need to be thought through and the IT operating model properly “designed” (at least at lower maturity levels).  Designing an IT operating model to be something akin to Swiss Cheese, where you have to design around the holes is not efficient, and is not a good basis upon which to drive an IT transformation.

Finally, there’s a “tough love” aspect to tackling Shadow IT groups.  When I was a kid growing up in London, UK, I went to a school where uniforms were de rigeur, complete with school caps!  (Long before AC/DC’s Angus Young showed us how cool they can be!)  I was caught once too often without my school cap and was sent to the Vice Headmaster’s office for a dressing down.  Fortunately for me, he was a wonderful man with a sense of humor, a Royal Airforce mustache and manner, and a vintage Rolls-Royce to boot!  He gave me one of life’s great lessons – that it was not about wearing a school cap, per se, it was about setting and living within defined boundaries, so rebellious chaps like me could push against them without doing real harm.  It’s like a parent disciplining their children – if the discipline is absent, the child will feel unloved.  (Of course, too much discipline is even worse!)  Anyway, when the CIO (with appropriate air cover from the CEO and executive team) announces that all IT will be managed under a single IT budget, and all IT-related resources report to the CIO’s organization, this sends a message to the firm – we are raising the bar on IT!  People may not like it, but they will like the fact that someone is getting serious about improving the performance of the IT function.  I’ve often seen situations where the predictions of “Oh, this will create a real stink and lots of resistance!” was far from what actually happened.  Instead, people said, “About time – please take this group back into IT – its where they belong, and where they will have the best growth and career opportunities!”

So, if you have a Shadow IT problem, don’t be a wimp!  Tackle it head on as an integral part of your IT transformation plan.  Be ready for the noise and resistance, but don’t let it derail you!