Shadow IT: Not a new thing and nor is managing it

Published on the 26/04/2017 | Written by Owen McCall

Many IT organisations are strong on wanting a mandate as a way of eliminating shadow IT – but it won’t work, says Owen McCall…

IT organisations tend to be fond of a mandate which states what IT does and what users can and cannot do. The expectation is that if we can simply clarify and enforce the rules, then shadow IT will go away and all, or at least a few, of the world’s problems will be solved.

However, there is a problem. Mandates have never worked when it comes to users and IT.

It is the mid-1980s and I am a freshly-minted graduate working at Deloitte. I have bought my first ever PC. A sewing machine-style luggable. I have always been a bit of geek and at the time this was the latest greatest machine of its type with twin floppies (if you’re a millennial and don’t know what a floppy is, search Google. For those that do know, this is so long ago that floppy drives truly were floppy).

I loved that machine. It was a game platform, a massive calculator through amazing spreadsheets, a word processor (and anyone who has tried to read my handwriting will know how important that is to me) and many other things besides. I could do so much with it, but, I was not allowed to use it at work.

Instead I had to use A3 size tabular paper and multiple coloured pens and pencils as notation aids and massive handheld ‘manual’ calculators. It was ridiculous. I could have been so much more productive if they had just let me use my PC.

But no, the powers that be had decided PCs had no place at work.

Despite the rules, I and several others slowly began to use our PCs anyway. They were helpful and improved our productivity even back then.

The introduction of the PC saw a massive rise in shadow IT for most organisations. While people like me found them useful IT teams routinely sought to shut them down and keep them out. Many IT teams proclaimed and enforced bans – right or wrong, we all know how that eventually played out.

First encounters of the mandate kind
While my little rebellion wasn’t the first instance of shadow IT ever recorded, or likely the worst, it was my first experience of IT mandates. It still demonstrates how futile it is to attempt banning that which people find useful.

Yet many IT teams today still seek mandates to determine what technology an organisation can use and to ban the rest.  And too often the prevailing opinion is that if users dare step out of line, they should be chastised. They seem to want to treat the rest of the business as if they are naughty children who have broken the rules and need to be told off or better yet smacked.

We know in our industry that mandates don’t work. If people want and need something and IT can’t or won’t provide, they just go around IT. Shadow IT. That nasty underworld of backroom deals and shady characters who go around IT and ignore all our good work.  We need to deal with those reprobates and return the organisation to the light. It is part of our fight against evil and let’s face it, there are some very good reasons for us to keep up this fight.

But maybe shadow IT is our fault.  After all, deep down all these “shady characters” are trying to do is figure out how to get their job done in the best and easiest way and IT can’t or won’t help.   Shadow IT happens because you have, or think you have, a mandate but fail to back that mandate up with great service.

Yes, mandates are important to keep the organisation safe and to enhance your prospects of delivering value, but every mandate needs to be backed up with an appropriate service proposition or people will try and work around it.

Solving the riddle
What can you do about it?  Here’s one approach that seems to be getting results.

In one organisation, shadow IT is rampant.  Business leaders are sourcing their own systems because the IT team can’t or won’t help (there simply isn’t enough capacity – people or money – to meet demand).  In response, the IT team has set the business free to make its own decisions, positioning itself instead as a facilitator.

Some of the key aspects of the approach are:

  1. All significant IT investment decisions are formally made by an executive committee.  The business leader needs to front this committee and convince them of the value of their proposal.  The CIO is part of the decision-making process. While possible that the committee could make a technology decision that the CIO disagrees with, the dynamics of the process supports collaboration on solution definition. Sometimes IT leads, sometimes their peers across the business lead but no one wants to front up to their peers for a public battle, so these issues are nearly always addressed before the meeting.
  2. The organisation is progressively sorting out what is important and core to them and their success and what is non-core. Business activities, which are considered core, are much more likely to be supported by centralised organisation-wide solutions.  For those areas which are not core, a more hands-off approach is taken.
  3. IT has established a dedicated SaaS enablement team which works with and supports the business to effectively implement a chosen SaaS tool. Their focus is to support the business with a focus on core technology issues of security, integration and getting work done in their culture.  This team avoids enforcing mandates (leaving that to the executive committee) and simply try and be helpful.  What they are finding however is that the more helpful they are the more influence they get in future decisions.  A nice win -win outcome.

This organisation has some way to go. IT still gets worked around at times, but the more it lets go of mandates and focuses on providing great support and service, the more influence it gets.

What can you do to start your journey? Start by identifying all those areas where you have or wish you had a mandate and then ask yourself these questions:

  • Does this mandate really matter? That is, is it core?
  • In what areas are we okay with a little shadow IT and where might it be desirable?
  • What service proposition do we have in place to support our people and organisation so they want to work with us?


Passionate about using technology to make a real difference to businesses, communities, families and individuals, Owen McCall has focused his career on understanding and answering this question: “How do you harness the power of IT to deliver value?”
An independent IT consultant, he is a former CIO of The Warehouse.

Post a comment or question...

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Other Articles by Owen McCall

Transitioning to agile? First prepare your environment

opinion-article |May 29, 2018 | Owen McCall

It may well be the corporate buzzword of the decade, but proper business agility is all about setting the foundations say Owen McCall…

Digital transformation, incumbents and the business model conundrum

opinion-article |May 23, 2018 | Owen McCall

What Uber, Amazon and the Fosbury flop can teach us about innovation…

Why CIOs must master the S-Curve

opinion-article |October 2, 2017 | Owen McCall

Thanks to Moore’s Law the S-Curves in technology are frighteningly short, writes Owen McCall…

Outcomes don’t depend on where you begin

opinion-article |February 8, 2017 | Owen McCall

IT teams and professionals should focus on desired outcomes, rather than mire themselves in the problems of the day, says Owen McCall…

Of love, hate and the Gartner Hype Cycle

opinion-article |August 31, 2016 | Owen McCall

They’re great and they’re awful – find out why Owen McCall is ambivalent about Gartner’s Hype Cycle…

Failure is good. Yeah right!

opinion-article |July 14, 2016 | Owen McCall

Owen McCall says we should switch from ‘initiatives’ to ‘experiments’…

Is the Internet Safe? Of course not!

opinion-article |June 15, 2016 | Owen McCall

The internet is not 100 percent safe, but that doesn’t mean you shouldn’t be using it to support the growth of your business. Owen McCall says we should approach it more like driving…

The problem with projects: not fit to deliver value

opinion-article |April 19, 2016 | Owen McCall

What do IT projects and fitness regimes have in common? Owen McCall exercises his theory of the business value creation process…

Driving digital competence

opinion-article |February 23, 2016 | Owen McCall

My daughter Sarah has just passed her learner’s driving licence…

When a disaster isn’t a disaster (and how to better deal with ERP implementation complexity)

opinion-article |October 28, 2015 | Owen McCall

Many years ago, writes Owen McCall, a contribution to a study on ERP implementation failures threw up a completely surprising response…

Thank you! Your subscription has been confirmed. You'll hear from us soon.
Follow iStart to keep up to date with the latest news and views...