Saturday, December 3, 2016

A concern for decentralisation ... and shadow IT

I read with interest about the article "Confirmed: Cloud no longer purchased or managed just by IT" from ComputerWorld Malaysia.

It just shows a concern I have about the growth of shadow IT , and IT dept decentralisation.

When I say shadow IT, I mean that certain IT related roles & jobs (IT services , IT systems setup & deployment, data storage , etc) are being taken & done by individual departments, without IT department consultation or knowledge.

When I say decentralisation, I mean that certain departments are taking the role of running certain systems ( example : cloud based applications, online ERP system , online office productivity & collaboraiton solutions ) from the IT department , thus decentralizing IT services.

Why the concern? The concern is simple.

When other departments run IT solutions on their own, they just want to use it to get their work done. They do not look into various aspects WHICH INCLUDES :

a) Compliance to ISO27001/2/3 or Information Security management standards, and good IT management and governance (etc COBIT).
b) Evaluation (features , requirements, suitability to users , support given, emphasis on security, infrastructure requirements & feasibility)
c) Third party assessments ( IDC, Gartner, products reviews, etc )
d) Product lifecycle & upgrade cycles .
e) Comparison between various vendor offerings, and possible internal IT & cloud solutions provided by parent companies / HQ (features, deliverables, cost).
f) Return on investment of product (ROI) and fulfillment inline with company business goals.
g) Compatibility with existing IT systems (if not it will become a silo system).

..............And the list goes on.

These aspects are usually evaluated and filtered by the IT department.

If these are not evaluated, they could end up giving more cost (or risk) to the company, and not getting what you want with the money spent.

And if something goes wrong, or there was an data loss / security incident, or there is incompliance, they fall back to the IT department, who had no role in it, in the first place.

This can create additional workload for IT department, in terms of troubleshooting, compliance and compatibility integration of this new system to the current IT systems. More of often than not, business owners would want data from the new system to be integrated with existing IT systems, which may not be readily compatible. Not only that , in the case of incidents of data loss , leakage, or security breach , IT department would need to do investigations and countermeasures, which includes additional costs.

In the article, it is mentioned that "84 percent of respondents now also believe the IT department should be responsible for helping other lines of business to drive innovation and must set the strategic direction and be accountable for security".

If so, how can IT department be accountable for something they were not involved in?

The solution is simple : In driving towards innovation and business goals, it is important to have IT department on board , all the way, not half the way.

Based on the article "IT Centralization or Decentralization? - Harvard Business Review" , it mentions that "Decisions rights define who makes what decisions about IT. In allocating rights, a loose rule of thumb is that line managers should have authority over what services are delivered and IT should have authority over how the services are delivered."

Put it simply, business related departments should state what services are required , and IT will handle how it is delivered.

In the article "Following both sides of the decentralized vs. centralized IT debate - SearchDataCenter", there is some good points in the debate between a centralized & decentralized IT. Centralized IT benefits includes (i) to meet centralized compliance requirements, (ii) reduces data processing costs by server consolidation by merging systems and virtualization, (iii)  reduces hardware and software costs through bulk purchases & discounts, (iv) centralized functions and reduces redundant IT staffing, & (v) cost effective maintenance. All this can lead to faster & effective service delivery, under one authority , that is IT.

All in all, despite the growth and automation offered by cloud platform solutions , centralized IT dept is STILL the way to go in the long term.

Reference :
a. Confirmed: Cloud no longer purchased or managed just by IT - ComputerWorld Malaysia -

b. IT Centralization or Decentralization? - Harvard Business Review (July 2008) -

c. Following both sides of the decentralized vs. centralized IT debate - SearchDataCenter -

No comments:

Post a Comment