What is the difference between Consumerisation of IT and Shadow IT? Both are user driven IT purchases (or free services) being brought into the enterprise, quite often without IT involvement.
Is the Consumerisation of IT just a politically correct way of saying Shadow IT?
CIOs have long battled against Shadow IT and how to prevent, control, deal with or remove it. The arguments for doing this have usually revolved around security, compliance, supportability and business risk. Although IT's fear of losing control has been an underlying theme.
A couple of recent articles got me thinking about the changing world of technology and what the Consumerisation of IT really means to companies and their IT groups.
Scary statistics on the future increases of Shadow IT were highlighted in the recent ComputerWorld article "The upside of shadow IT" (or should that say the growth in Consumerisation of IT?) by Julia King:
Gartner predicts that in less than three years, 35% of enterprise IT expenditures will happen outside of the corporate IT budget. Employees will regularly subscribe to collaboration, analytic and other cloud services they want, all with the press of a button. Others will simply build their own applications using readily available cloud-based tools and development platforms.
If you believe those statistics are bad, think for a moment about all of those free Apps and cloud storage utilities like Dropbox, Box.net etc that your staff are using (by the way, that includes your own IT staff who are probably the worst offenders!). Whether you believe Gartner's 35% prediction or not, it can clearly be seen that consumer driven IT in the enterprise is growing rapidly and there is little or nothing IT can do to prevent it.
The quick answer is yes, very worried. The ComputerWorld article goes on to say:
.... the corporate IT department will be bypassed. As one industry pundit put it, "it will feel like the inmates are running the asylum."
A recent Enterprise CIO Forum article "Unmanaged IT consumerization opens the door for compliance and cost concerns" by Paul Muller explains:
Sending end-users marching off unsupervised to procure their own devices and services willy-nilly will lead to a massive duplication of cost and business-crippling compliance problems.
The root of the problem with unmanaged consumerisation is “shadow IT”
Business customers already complain that IT is not responsive and lags in delivering what the business really needs. This dissatisfaction and unfulfilled need encourages people to find alternative solutions. This is particularly true within Sales and Marketing departments where they often require very fast turnaround times to react to changing situations. These groups can easily ask their marketing agencies to procure or create an IT related service as part of a marketing campaign. Whilst this is done with best intentions, is this new micro-site or App compliant with appropriate legislation? Is it capturing personal data in a secure manner?
CIOs are caught in what Martha Heller refers to as the CIO Paradox. The CEO holds the CIO accountable for all IT related matters in the company, including security, compliance, performance and availability, yet increasingly the CIO is unable to control all of these aspects.
The bottom line is that it is becoming easier than ever for the business to procure cloud based services without IT involvement and more worryingly without IT even knowing about it. Unless IT adopts a different approach to servicing the business they risk being sidelined.
Most CIOs accept that they can never prevent all Shadow IT and that staff will always undertake some activities outside of the core systems, be it via Excel, Access or more recently via cloud based applications or services.
IT must find a way to put in place standards, tools and frameworks that allow the business to take advantage of cloud based services whilst remaining secure, compliant, avoiding waste and duplication etc. These frameworks must also take account of, and provide opportunities for, integration with existing core systems.
IT's role will fundamentally change from being the implementer of everything, to becoming the overseer of standards and frameworks, facilitator of implementations and integrator of cloud services, and adding value through continued innovation.
CIOs must accept that IT cannot control everything and need to embrace the Consumerisation of IT given the massive benefits it can provide. They must find a way to help the organisation whilst still preventing it from doing something stupid.
See my blog for more on IT, Business and Change Management.