Rogue IT: Gaining Control - CIO/IDG Research
Being innovative is a must for organizations hoping to compete in today’s global business environment. After all, it’s often the innovation-driven ability to better serve the customer and enhance revenue that fuels competitive advantage. Oftentimes, technology serves as the primary route to innovative results. However, the pace of technology can exceed the ability of IT to keep up with demands. As a result, IT organizations often find themselves falling victim to rogue IT equations.
While often more prevalent than IT leaders wish to acknowledge, the commonality of rogue IT environments only continues to grow within today’s highly competitive, tech-driven business atmosphere. For instance, in Gartner’s 2012 Annual IT Outlook, analysts predicted that in less than three years, 35 percent of enterprise IT expenditures will happen outside of the corporate IT budget. Fortunately, there are a few telltale signs that lines of business are venturing out on their own to pursue IT-based solutions to their current needs. And, recognizing rogue IT paves the way to better control and more centralized IT spending from new workflows and governance that fosters quicker spin-ups for business units.
“Businesses need to be able to transform IT from a group that says no to business to one that empowers the business to move fast and accelerate toward strategic goals.” — Gerardo Dada, Director of Product Marketing Rackspace Hosting
FIRST SIGN: PHANTOM PRODUCT ROLLOUTS. One of the most prevalent signs of a rogue environment is the rolling out of new products and services without IT involvement. When competing in today’s fast-paced environment, the company that is first to market with new, creative offerings tends to grab the lion’s share. Innovation without oversight can positively transform an organization when all goes well. However, on the flip side, a reckless maneuver can spell disaster, since IT is still responsible for managing and supporting that innovation. Marketing is usually a top culprit of rogue IT activity. As such, an array of microsites and URLs not on the organization’s domain inventory is an indicator of rogue activity.
SECOND SIGN: REDUCED REQUESTS. Another obvious sign is fewer innovation-related requests from business. When lines of business (LOBs) are pursuing their own innovations, the need for IT to deliver iterations to existing products often dissipates. While this may free IT to handle day-to-day functional tasks, it is in direct conflict with IT’s strategic role. For most companies, the smart thing to do is assume that a rogue environment already exists.
THIRD SIGN: UNBALANCED BUDGET. Increases in technology budgets within lines of business can signal trouble. This trend is starting to receive more attention as LOBs outside of IT are begin- ning to spend more on technology—usually around managing and leveraging big data to better understand customer preferences and ultimately seize new market opportunities. In fact, in the 100 companies PwC ranks as “top performers,” IT controls less than 50 percent of corporate technology expenditures.
This is becoming a reality as LOBs often have their own technology budgets to fuel innovative offerings. Rogue environments are further facilitated by the range of feature-rich tools available through channels such as the cloud, where collaboration, social media and other tools (e.g., VoIP, SaaS applications) are all easily available, and can be procured and integrated into current business practices without IT’s involvement.
Capitalizing on time-to-market innovation opportunities is often the catalyst behind rogue projects, but there is a general perception that IT lacks the resources to deliver in a timely manner. For instance, a line of business may have a two-week deadline for a collaboration portal or a microsite to support a product launch. Or a business leader may need a Hadoop cluster for business intelligence (BI) analysis in order to properly structure a geographic-based service rollout. This becomes an issue when IT cannot instantly address a request because of tedious, required maintenance tasks and tapped out resources.
RECOGNIZING THE RISKS
Regardless of the driving force behind an organization’s rogue IT environment, the potential reverberations can be quite painful. The consequences include shouldering higher costs to manage rogue deployments, maintaining adequate security, suffering compliance inconsistencies as well as risking potential data breaches. While sometimes sophisticated in nature, as LOBs pursue rogue avenues, they often fail to consider data protection, business resiliency needs, intellectual property risks or even the appropriate legal and compliance issues. As such, traditional IT leaders have a bleak view of organizational risks.
For example, if marketing deploys an array of microsites, there are numerous risks, including no centralized system for domain management, public release of old and inaccurate information and expenses for creating and maintaining multiple sites. More severe risks, like not following privacy laws that can result in fines or jail time, could even shut you down. Even inadvertently exposing the company or client data can irreparably damage the organization’s future.
Costly and sometimes crippling data leaks represent one of the biggest concerns for IT, especially since it’s impossible to secure the unknown. But, there is also the issue of improper licensing, which can open the organization up to a number of compliance issues. The other concern is patching. IT cannot patch applications it does not know about. Again, this can lead to serious vulnerabilities.
Likewise, when the business circumvents traditional IT avenues, it fails to leverage the inherent skills, strengths and core competencies of the organization’s in-house talent. For instance, when IT is involved, the end product is often of higher quality with built-in redundancy and security. This is a crucial point for IT to stress to peers pursuing rogue environments, since innovation-driven decisions are often future driven and may lack attention to details that could seriously damage the organization.
In addition to risks, rogue environments can wreak havoc on organizational economics. If an organization has 100 business units contracting with vendors/providers, the likelihood of getting the best deal is pretty slim. In addition, this approach often results in duplicate efforts. For example, if five different lines of business are building websites or collaboration platforms they are probably using five different tools and paying separately for each tool. This also means going through the pains of learning and implementing new technologies in each instance.
REINING IN ROGUE
The best way for IT to rein in rogue environments is to enable business units, while making the dangers of “shadow IT” practices clear to the entire organization. IT must clarify that business units need to analyze whether or not their siloed decision introduces a risk to the whole company rather than simply impacting one business unit. Of course, when focused on revenue generation or growing market share, it can be difficult to see the big picture.
IT’s assistance can open the door to establishing a solid understanding of the big picture. The challenge, however, is always speed and whether IT can move fast enough to meet the needs of the business—a key driver for rogue IT groups in the first place. Demonstrating that IT can be an enabler—as opposed to an obstacle—helps reduce the emergence of rogue IT, as will IT’s ability to help provide support, and ultimately manage cost and risk within the organization.
By being a proactive, engaged member of the organization, it’s possible to prevent or mitigate business units from finding a need to create shadow environments from the get-go. IT must strive to develop an inclusive enterprise process, with the input of key business stakeholders, to capture the needs and objectives of the business while making them aware of enterprise concerns such as security, data privacy, business resilience and compliance, among other risks. This process must also enable swift decision making, particularly when the business needs relate to quickly procuring or building certain services, or standing up platforms for development and testing.
GETTING IN STEP WITH BUSINESS
IT needs to further leverage these business relationships to thoroughly understand what is on the horizon. Understanding upcoming needs for collaboration, BI, microsite creation or testing environments for custom application development empowers IT to properly deliver or steer LOB technology strategy.
Through establishing, maintaining and nurturing relationships with those currently utilizing rogue IT solutions, IT puts itself in a power position to achieve crucial alignment with organizational and often strategic needs. According to the IDG State of the Enterprise study, IT leaders understand the importance of finding alignment, with 89 percent of respondents reporting that they are taking steps to facilitate better IT/business alignment.
“When IT is able to embrace a service provider mentality with the ability to empower lines of business to make smart decisions around quickly deploying technology, there is less incentive to go outside,” says Gerardo Dada.
FOCUSING ON SOLUTIONS
While the primary purpose of engagement is to understand exactly what the line of business needs that IT is not currently offering, the overarching goal should be to offer empowering solutions capable of fulfilling growing needs. This is often where scalable, flexible and secure access to dedicated, hybrid or open cloud environments can significantly help IT bridge the gap.
The value, for instance, of an open cloud is very powerful, with an array of vendor choices, architectural flexibility and deployment options that can help lines of business meet time-to-market demands, yet still provide IT with needed oversight and security measures.
In terms of flexibility and agility, a properly sourced environment can provide configuration options to design and deploy infrastructure where it’s needed—with freedom from a proprietary technology roadmap, pricing structure or business strategy. Businesses can save money by using a public cloud for variable workloads while custom designing private clouds for best price-performance with stable workloads.
Once IT knows what the lines of business need, its focus can shift to building a stable cloud infrastructure with templates in place to enable business leaders to initiate projects and run them in a way that is easier and more cost effective than going outside the business. “IT needs to determine what it wants to push into the cloud and what services are best handled internally. This means determining for each situation what’s required: awareness, management or actual control,” Dada says. “IT needs to understand where it truly adds value to the business, and what tasks are best outsourced. These are the decisions that allow you to build a provisioning chart and cloud infrastructure that makes sense for the organization.”
Seeking out a trusted provider with experience and a proven track record can give IT the peace of mind that with the right architecture, projects will work and pilots will run as intended. This kind of partnership can reduce risk without hampering the LOB’s desire to innovate.
An experienced partner can also provide strategy guidance, map a journey to the cloud and deliver onboarding services without tying up in-house IT resources.
A strategic partner can even help the organization by leveraging virtualized and dedicated environments that can be combined into hybrid deployments to cost-effectively provide the right mix of security, control and agility. Ultimately, this relationship should enable IT to offer LOBs a sense of controlled empowerment that leverages virtualized environments as well as public, private and hybrid cloud configurations—and take time and resource issues off the table.
“Businesses need to be able to transform IT from a group that says no to business to one that empowers the business to move fast and accelerate toward strategic goals,” Dada says. “Cloud serves as a catalyst by enabling and empowering IT in its goal of becoming strategic and transformational.”
The goal should be to find the happy medium by embracing a model capable of meeting IT’s security, compliance and governance requirements, while also providing business with the agility needed to keep moving.
ABOUT RACKSPACE ENTERPRISE CLOUD SOLUTIONS
Powered by an elite team of Sr. IT Strategists, Architects, Solution Engineers and Sr. IT Consultants, the Rackspace Enterprise Cloud Solutions enables enterprises to harness the power of the hybrid cloud. Our extensive Advisory & Professional Services portfolio offers end-to-end solutions for our customers. Begin your Fanatical Support® experience with a complimentary IT Evolution Workshop, where our strategists help to define a cloud strategy and actionable roadmap that will propel your organization toward its optimized solution. Contact us at 1-800-440-1249 or send us an email at firstname.lastname@example.org schedule your workshop today.
Continue the conversation in the Enterprise Cloud Forum on Linkedin! Along with 670+ other IT professionals, our Rackspace Senior IT Strategists and Cloud Solution Architects debate some of the most controversial topics facing the enterprise.
Rackspace Hosting (NYSE: RAX) is the open cloud company, delivering open technologies and powering more than 205,000 customers worldwide. Rackspace provides its renowned Fanatical Support across a broad portfolio of IT products, including Public Cloud, Private Cloud, Hybrid Hosting and Dedicated Hosting. The company offers choice, flexibility and freedom from vendor lock in. Rackspace has been recognized by Bloomberg BusinessWeek as a Top 100 Performing Technology Company, is featured on Fortune’s list of 100 Best Companies to Work For and is included on the Dow Jones Sustainability Index.
© 2011-2013 Rackspace US, Inc.
Except where otherwise noted, content on this site is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License
See license specifics and DISCLAIMER