Out of the shadows: Rogue IT is becoming CIO business as usual
The consumerization of IT and increasing demands for business agility are forcing the evolution of rogue IT. How are CIOs responding?
There's no place in Bart Murphy's organization for rogue IT. The CIO/CTO at the CareWorks Family of Companies in Dublin, Ohio, makes it part of his IT mission to ensure that surreptitious technology purchases just don't happen.
That's because another big part of his mission is to make sure the 1,000-plus employees at CareWorks don't need to buy technology on the side to get their jobs done.
"If you have a rogue IT unit, there's something broken between your business and IT," Murphy said. "It's either a broken relationship or a broken delivery system." At CareWorks, IT meets efficiency. Any process that can be, is automated; production cycles are short and governance tight. The result is an IT organization freer to innovate and support business agility.
Murphy's diagnosis is no doubt on the mark. IT departments exist to enable the business. But these days, even the most business-aligned CIOs may feel that eliminating rogue or shadow IT is mission impossible -- and not because it's in the shadows.
Bart MurphyCIO/CTO, CareWorks
Gone are the days when rogue IT amounted to an unsanctioned PC buy or personal servers under desks. The consumerization of IT has not just ushered in hordes of sanctioned and unsanctioned mobile devices. The devices themselves have accelerated the pace of business. Success is measured in large part today by how quickly a business can respond to market changes. And if there's an easily procured file-sharing app or collaboration tool that can help -- well, the data suggest that many business units are not worried about how this ad hoc technology purchase could affect the company's enterprise IT architecture. The question is, what should CIOs be doing about it?
Enabling 'innovation at the edge,' bolstering agility
By now most CIOs are familiar with the attention-grabbing prediction by Gartner analyst Laura McLellan a couple of years back that a company's chief marketing officer (CMO) will spend more on IT than the CIO by 2017.
Advice for CIOs on dealing with rogue IT
- IT's interaction with business partners needs to become more consultative. That means being comfortable providing advice and guidance, even if it's not involved in the delivery of services.
- IT needs to become more flexible. Traditionally, IT wants to begin at the beginning of an IT project -- and follow the steps in order. If the business comes to IT having done some of the work already and wants help in finishing it up, that's a problem at many IT shops. IT needs more "on ramps," or ways in which the business can start working with IT at multiple points along the project.
- CIOs need to convince their teams that rogue IT can be a good thing. That means creating: a climate more open to risk-taking, more collaborative and more willing to adapt to business drivers.
Andrew Horne, managing director, CEB
But Andrew Horne, a managing director at Arlington, Va.-based advisory company CEB said the shift in technology spending is both less extreme and more widespread. In a recent CEB survey, the data suggested that 40% of current technology spend is now happening outside the CIO's control, -- and of those expenditures, CIOs are only aware of about half. But technology buying is not all happening in marketing.
"The CMO is one of a number of executives who collectively are spending 40% of what the CIO is spending," Horne said. While the marketing and sales divisions' IT initiatives may be the most visible, departments from HR (performance management software) to finance (analytics) are making IT spend an ever bigger part of their budgets.
But spreading around the technology spend should not be equated with the Career is Over version of the CIO job. Not all rogue technology buys are bad lots, explained University of Michigan CIO Laura Patterson.
If rogue IT means the CIO is unaware of the project, and the project is not aligned with the organization's IT strategy and will result in redundant services, that type of rogue IT is never good, Patterson said in an email interview.
But she does believe that cutting-edge technology development in business units built on shared infrastructure, supported by central IT and by processes that can move those "edge technologies" to the core, can be a very effective model for providing reliable production services and faster innovation.
At the University of Michigan, a large, diverse research institution, Patterson has curbed rogue IT by knowing users and giving them what they want. When employees looking for better, faster options for storage began adopting commercial cloud solutions without contractual protection for university data, her team stepped in.
Understanding the need but recognizing the risk, Patterson's team adopted cloud storage and file-sharing services from Box.com. Implementation was quick and served users' needs, and curbed further rogue activities because it was the type of easy-to-use solution they were looking for. IT gave them what they wanted.
Patterson's team has also created an IT services portal that provides the university community with a catalog of IT offerings, both departmental and central. It's hoped users will check the site before seeking outside solutions. Their vision is that the portal will result in higher consumption of shared services and increase collaboration.
"We're too early in the use of the catalog to know if it's successful, but we are very optimistic about the potential to reduce rogue IT, increase use of shared and central IT, and increase collaboration and innovation across the university," she said.
CareWorks' CTO Murphy has curbed rogue IT by keeping communications channels with the business open -- all the time.
"If you're meeting with them once a quarter to get a list of stuff you're going to work on, right there you're missing the boat on something that occurs every single day," he said. "That's why our teams meet daily -- weekly at the maximum."
CareWorks' six businesses include five healthcare management companies and a technology services provider. With hundreds of employees in the field and dozens of client companies relying on fast, efficient turnaround on medical management claims, the IT department has to be responsive for the business to remain competitive, he said.
"You've got to be able to respond today, so you've got to start aligning your processes," Murphy said, starting with business/IT processes for procuring technology.
The second part of this two-part story looks at how CIOs can separate useful rogue IT from harmful rogue IT.
Let us know what you think about the story; email Karen Goulart, senior features writer.