Shadow IT

  • Comments posted to this topic are about the item Shadow IT

  • I am a shadow IT warrior. Unlike most, I have a long (30+yrs) background and high respect for the principles that undergird IT. I exist (and am well-paid for it...) for exactly the reason you stated. The IT department take weeks or months to simply approve studying a new project, however small or large, then many more months until the project reaches the top of the list (if ever...) and then it is either no longer needed or business conditions have changed and the original URS no longer applies. If the project is undertaken, it suffers seriously from the IT group's distance away from the site, and its complete lack of business skills.

    Having said that, I routinely say to my client: "You should ask your IT folks to do that for you. It's not appropriate for me to do it." They always respond by saying I will be tasked to do it.

    Fortunately for them, I follow strict IT guidelines, back up my work, create appropriate security and recoverability, and ensure that my clients are well-trained and could transfer my work to their IT group with a minimum of difficulty if I were to die or become otherwise unable to serve them. That's my responsibility, I bill them for it, and they pay the bill.

    I am sad, though, that we're in this position. Few "shadow warriors" are as careful and experienced as I am.

    Jim

    Jim

  • What Jim said + 1

  • JimS-Indy (8/28/2012)


    I am a shadow IT warrior. Unlike most, I have a long (30+yrs) background and high respect for the principles that undergird IT. I exist (and am well-paid for it...) for exactly the reason you stated. The IT department take weeks or months to simply approve studying a new project, however small or large, then many more months until the project reaches the top of the list (if ever...) and then it is either no longer needed or business conditions have changed and the original URS no longer applies. If the project is undertaken, it suffers seriously from the IT group's distance away from the site, and its complete lack of business skills.

    Having said that, I routinely say to my client: "You should ask your IT folks to do that for you. It's not appropriate for me to do it." They always respond by saying I will be tasked to do it.

    Fortunately for them, I follow strict IT guidelines, back up my work, create appropriate security and recoverability, and ensure that my clients are well-trained and could transfer my work to their IT group with a minimum of difficulty if I were to die or become otherwise unable to serve them. That's my responsibility, I bill them for it, and they pay the bill.

    I am sad, though, that we're in this position. Few "shadow warriors" are as careful and experienced as I am.

    Jim

    I've spent the last four years as a shadow warrior. There are several reason for this. The first is a general sentiment from "the powers that be" that IT is a cost center, not a profit center, and therefore, the less staffing IT has, the better. This has lead to the usual problems of an overworked IT staff not being able to respond in a timely fashion to user requests. (That's not always bad, as some user requests are just plain silly. I've always thought IT should act like a vendor to other departments, each with it's own budget for IT services. When IT services are "free", there is, ceteris paribus, greater demand for it. There is no check regarding economic value of the IT requests before they are made.)

    The result, the second reason for my shadow warriorhood, is the unwillingness of some managers to let the aforementioned short-sited management views cripple their department's productivity. So, for example, my old boss created a non-IT position for me, with the understanding that I would spend about half my time (ended up being more lke 80%) on IT work: screen development for the MRP system, stored procedures, ad hoc queries that often evolved into regular Crystal Reports, macros, spiffy spreadsheets, (because we dare not bring in Access! The powers that be would rather see small databases stored in spreadsheets!), et al.

    Fortunately, I am a formally trained computer scientist. Many of the ad hoc homegrown solutions I encounter are done in a sloppy manner, by well-intentioned amatuers. The best interests of the enterprise are served when anything bigger that a onetime use spreadsheet is done by someone that knows what they are doing. Until senior management changes their opinion of the proper application of IT resources to the enterprise, there will be a shadow warriors among us.

    [font="Verdana"]Please don't go. The drones need you. They look up to you.[/font]
    Connect to me on LinkedIn

  • I'm another Jim that is with Jim. 30+ years and the situation is that a central IT for 40 plus hospitals and a very large number of attached facilities/services in many other cities makes for a situation where the central IT can't do the job completely for all those outliers. I work closely with the central folks and indeed do a number of their functions for them in the larger distributed world they are responsible for and do have a good relationship with them. They in turn do some of the functions on my servers, collecting my backups to a central service, maintaining OS and db server updates, security and otherwise. We meet regularly to discuss issues and in those 30+ years we actually haven’t come to any real knock down dragouts but we have had differences of opinion which have been resolved to, mostly, both parties satisfaction. I have been and am now part of a number of projects involving data sharing between dissimilar systems and have a very good reputation for taking the lead in a number of these projects as I have a more liberal knowledge of many systems where they tend to specialize.

    The only real difference is that our paychecks come from different sources, theirs corporate, mine local system. I am responsible for the local apps and db’s that usually are specific to specialized services not covered by other facilities around the country and they primarily handle the global apps and db’s used by all the facilities. There are a very few isolated fellows and gals like me at some of the other large facilities and it works.

    The point is that there is a need in some instances for your ‘Shadow Warriors’ and so long as those of us can do the job effectively and professionally, keep ourselves current in systems and security and can do a better job maintaining the smaller systems we are responsible for then a central service can, we will still remain out here in the wild, tweaking noses and doing a real job.

  • ... though I know a central IT staff will necessarily do a better job.

    This is the only thing I have disagreed with.

    A well-trained, well-staffed central IT probably would, but as has been indicated that is, and by my experience as well, often not the case. When the idea of service is lost, all is lost.

    <><
    Livin' down on the cube farm. Left, left, then a right.

  • I've always been a shadow IT guy. Central IT is undermanned and often under trained. Like the others here, I've also done task for clients that their IT deparments didn't have the time or skill for. Yesterday I had to explain simple batch files and task scheduling to a client IT person with 3 certificates in their signature. :w00t:

  • Jim nailed it. I've been in the shadows from the beginning of my career which prompted me to get my BA in Information Systems; however, in the short term that resulted in greater frustration in regards to tools and processes. Working for the business rather than IT, every decision is based on turn around, speed and cost. My company has a very large IT department; however, you can't get simple advice about what type of project to initiate without citing a cost center and waiting a few months just to begin the process of consulting IT on the simplest of projects...thus we shadows continue to spawn adding to the stress of IT.

    But to Steve and Jim's points I believe there are two types of shadows in the organization.

    The Blind Spot is similar to the accidental DBA, a novice that has been tasked by himself of the organization to create a needed "blind spot" solution with insufficient knowledge or the tools to apply IT principals by an environment that is in need of immediate help with little or no additional cost resulting in a blind spot for IT. Many of us shadows start here (me included). I agree, however, that these Blind Spots can cause significant damage if left without some type of quality monitoring in place. I've personally ran across one individual that is now banned from coding in any form for the organization because of numerous mistakes resulting in terrible audit findings. It's a pity because they had potential, but no support.

    The Shadow Knight, many of which have evolved from Blind Spots, have learned many of the needed principals even if they still do not have the necessary tools and resources (I could revolutionize my business group with a single dedicated SQL Server instance, but it will never happen) while proving themselves to the organization. These individuals have become an advocate for IT constantly buzzing in the ear of management that "Yes, I can do it this way, but you should really reach out to IT and...." while watching the friends they've gathered through blood, sweat and tears within the IT organization shake their heads at their poor Shadow Knight contemplating falling on his own sword because of the deafness of their own management and the slowness of their own leviathan IT department.

    Now, if you'll excuse me, I need to get back to sharpening my sword...

  • The first company I worked at was *all* Shadow IT. It was a small company which employed a large proportion of IT-savvy people (programmers, mostly), so they just relied upon whoever was nearest to sort out problems. I became the company's main IT person when they'd grown to a point where the old way simply wasn't working, and even then, I was still officially called a programmer and expected to spend 20% of my time programming; it was only when I ended the year having spent maybe 4% of my time doing the job I was supposedly paid for that they bit the bullet and made me full-time sysadmin.

    Still, I sometimes miss those days. Yes, everything was a bit chaotic, but the one thing you could never call it is routine... 😉

  • Well run Central IT (CIT) does a more thorough job for the organization... taken as a whole, and filtered through operational (not stated) organizational priorities.

    Well run Shadow IT (SIT) can get faster, more responsive results.

    Either, poorly run, gets poor results.

    This is similar to the tragedy of the commons, in that any one department is better served for any one immediate need by doing it themselves... usually at a poorer cost-risk-benefit to the organization as a whole, if there are overlapping requirements, regulatory or legal issues, disaster recovery issues, and so on factored in.

    Well run CIT that is not extremely well budgeted cannot (and usually should not) be as responsive to any one requesting department's own SIT.

    CIT needs to balance the priorities of the entire organization - individual departments do not.

    CIT needs to operate more efficiently; which means if Department A wants X, perhaps Departments F and Q want X, too, CIT should gather X requirements and see if we can do X only once. SIT just "does it", quick and dirty.

    CIT needs to plan for maintenance and ongoing costs (financial, manpower, compute resource contention, etc.) over the next N years. SIT rarely cares about anything but their own immediate results.

    CIT needs to keep regulatory and legal requirements in the forefront. SIT often doesn't know... or doesn't care to know... or doesn't care... about those requirements, again being focused on their own internal desires.

    CIT cares about disaster recovery based on how much the organization does. SIT rarely considers this.

    CIT needs to make informed choices about purchasing based on the needs and operational priorities of the organization as a whole. SIT does not and can not do that.

    SIT generally knows that area of the business well, and can translate very vague requirements into something close enough to what the requester expected to pass muster. CIT needs much more detailed requirements, may have internal QA processes, and hopefully cares more about true accuracy measurement.

  • I do resent the notion that "SIT" cares more about a quality product. I produce a quality product that has been through a careful QC process. But I know what you mean.

    My client and I collaborate to ensure we've produced a reliable, accurate picture of the data, and that the data are as reliable and accurate as we can make them.

    // end rant

    Jim

  • JimS-Indy (8/28/2012)


    I do resent the notion that "SIT" cares more about a quality product. I produce a quality product that has been through a careful QC process. But I know what you mean.

    My client and I collaborate to ensure we've produced a reliable, accurate picture of the data, and that the data are as reliable and accurate as we can make them.

    // end rant

    Fair enough, and certainly on an individual basis there can be Shadow IT that does an excellent job for their department.

    I would ask two questions:

    Do you believe you're representative of either or both of the average, or the median, Shadow IT person?

    Do you believe your client is representative of either or both of the average, or the median, Shadow IT client?

  • I think a well managed shadow IT group is just as valuable as a central IT group. I suppose I am a quasi-shadow warrior.

    My entire team started off as a shadow IT team for the same reasons expressed by others (more responsive, better customer focus, etc). Over about 10 years we were able to get enough backing from the business to become a legitimate IT department. We started off by filling needs that the business had that IT wasn't responding to. Eventually our tools and sites became an integral part of the business for some groups. While we are still not part of central IT, we have managed to get many of our servers under their care. We still do our own development, requirements gathering, troubleshooting and support but at least now we aren't dealing with hardware issues. We work with IT when it comes to network access, spec'ing out hardware, SAN storage and backups so as to take advantage of the architecture and resources there but we do everything else ourselves. We support thousands of customers and the business is happy. We try to keep IT best practices and rules in mind with our systems even though we technically don't have to but we also manage to avoid some of the unnecessary overhead that large IT organizations tend to have. We turn work around much faster than our IT team does and we do not require as large of a paper trail to get things done.

    We like the flexibility to get development done quickly and when we work with the central It group, nothing gets done quickly. We don't want to merge fully into that IT group and lose the benefits we have today. Plus the business doesn't want us to transfer because they are afraid that we will be bogged down with red tape and that they will lose the responsiveness that they have come to expect. They are probably correct. That's why the company let us thrive in the first place.

  • Tobar (8/28/2012)


    ... though I know a central IT staff will necessarily do a better job.

    This is the only thing I have disagreed with.

    A well-trained, well-staffed central IT probably would, but as has been indicated that is, and by my experience as well, often not the case. When the idea of service is lost, all is lost.

    typo. should have been "not necessarily".

    My apologies.

  • In my 18 year IT career, I've been on both sides of the fence at various companies I've worked for. At one company I was even on both sides at various points in time. That company was the classic IT bottleneck situation, where the Marketing department started their own web group to be more responsive (and often produced higher quality results) than IT. They managed their own servers and did quite alot with few resources using highly tallented people.

    Another company I was a contractor for several months in one of those shadow groups that had outgrown Access databases and I was helping them migrate to SQL Server. In their case, the migration agreement had the IT department providing basically a working black box for their production environment. The IT department only kept it running and applied change scripts written by the shadow group. While this group wasn't as knowledgeable as the other company's shadow group, the results were still good, and they used contractors like me to help get them up to speed on using the different technology.

    Overall I'd say shadow groups are not necessarily a bad thing, and in any corporate environment where the business feels its needs aren't being met, they will exist. It's a matter of those IT departments failing to rise to the challenge of the speed of modern business. Where I have seen a problem is at very small companies where there isn't any IT group, or they depend on someone's son or nephew to do all their IT work for them in spare time. They typcially don't know what they don't know, and have to learn the hard way why some of the things are done the way they are in corporate IT

Viewing 15 posts - 1 through 15 (of 27 total)

You must be logged in to reply to this topic. Login to reply