Headlines and surveys about shadow IT and the measures that CIOs should take to control technology expenditure outside of their budgets are still commonplace. And, whilst the exact level of shadow IT activity may be difficult to quantify and will vary across different organisations, one thing is clear: technology budgets held by non-IT functions are increasing and will continue to grow for the foreseeable future.
Shadow IT is not new, of course. Ever since IT departments have existed, there has been some kind of technology-related activity taking place away from their prying eyes. Originally, this unofficial IT tended to be limited to someone with a penchant for Access databases, enthusiastic individuals arranging vendor demos or a manager trying to buy IT equipment on company expenses. More often that not, however, this was done with good intentions and was usually borne out of a need that was not being met by the central IT function (albeit sometimes for good reasons).
In those halcyon days, CIOs had a firm grip on all technology activity and expenditure; when a locally developed database was discovered - usually because it had become business critical and then experienced an outage - it would be absorbed by the IT function and migrated to a corporate standard database with all the relevant back-up, documentation, support and security provisions added. The CIO was the gatekeeper to the company's network and servers and hence could reject requests to purchase systems that other departments wanted to use on the grounds of standards, support, skills, cost, database, operating system, priorities, security, vendor size, or whatever other reason they could think of to keep control of the technology landscape.
And, in most organisations, it was simply not possible for another department to bypass the IT function by directly purchasing technology; only the IT function could raise orders for technology and, if another department tried to purchase IT equipment or services, this would be trapped by the Finance department and referred to IT for review and approval. And, just in case a department was tempted to hide technology expenditure under a non-IT account or cost code, the company’s procurement policies (often at the insistence of IT) made it clear that such an action would be treated as a disciplinary offence.
But the world has changed. In the last five years or so, shadow IT has moved to a whole new level. Technologies such as mobile and cloud have made it a lot easier for non-IT functions to access technology solutions and services without the need to go near the company’s servers. Apps can be installed on mobile devices in a matter of seconds, and cloud-based solutions can be accessed without IT even knowing.
And the organisation's approach to IT has changed. Technology is now fundamental to what most organisations do; it has moved from supporting the back office to driving revenue streams at the front of the business. An increasing number of other functions want, and need, to have a say in technology decisions and many now have their own IT budgets. It will eventually become the norm for other functions to be spending more than the IT department on technology. Shadow IT has come out of the shadows; it is now official, sanctioned and, in many cases, necessary.
CIO attitudes towards shadow IT have also been changing over the last few years - although perhaps not as quickly as the rest of the business. In fact, the relationship between CIOs and shadow IT maps very well to the classic change curve. Stage 1 - denial - saw most IT leaders reject the suggestion that shadow IT was even happening in their organisation. This was followed by stage 2 where denial turned to anger and the IT function actively fought against any unsanctioned technology activity.
In stage 3 - the bargaining or acceptance stage - CIOs acknowledge that shadow IT exists within the business and that it will continue to do so. They talk about embracing shadow IT but also talk about how to control what other functions are doing. In other words they - they accept that it has to happen but only if it happens on their terms. Stage 4 is about learning; CIOs at this point actively engage with shadow IT teams and seek to understand why it exists, what they can learn from it, and how they and their department can work with these other groups. This can be a difficult stage with the CIO learning some harsh lessons about the service the IT function provides and where it may be lacking in terms of skills and capability to support the rest of the business.
In the fifth and final stage, CIOs not only accept that other functions have to be involved in technology decisions, have their own budgets and need their own IT skills, but actively embrace, encourage and facilitate this happening. At this point there is no such thing as shadow IT. All IT activity - wherever it happens and whoever is leading it - is official. CIOs that reach this stage have made the final step from gatekeeper to broker. They have worked out how to influence, guide and facilitate what other functions are doing without having control or the ability to say no. And they are comfortable with this model as they realise that it enables them to focus on more important and value-adding activities.
Worryingly, a small number of CIOs are still in stages 1 and 2 of this process. They are either insisting that shadow IT does not exist in their organisation or they continue to use the tactics of the past to try to supress any IT activity outside of their function. These IT leaders are fighting a losing battle and will gradually become isolated and irrelevant before disappearing altogether.
In my experience, the majority of IT functions are at stage 3 - they engage with shadow IT but their main objective is to exert control over what other teams are doing - whilst a small number are operating at stage 4. IT leaders at stage 5 are the exception but this is where the rest of the organisation is at; other functions do not see what they are doing as shadow IT. People outside of the IT department see their technology activity as essential to meeting customer needs, enabling innovation and driving growth. And this is how CIOs also need to see the role of other functions with regard to technology. It is time for IT leaders to embrace their role as the organisation's technology broker and to accept that there is now no such thing as shadow IT.