Should companies really blow up their IT departments?

This provocative and well-written article appeared in the Wall Street Journal this week. WSJ later shared the piece to LinkedIn with an even more eye-catching headline, “Want a Better Company? Blow Up Your IT Department First.” An intriguing snippet from the piece:

An intriguing snippet from the piece:

“Most companies are playing whack-a-mole when it comes to “unauthorized” software like cloud-storage services and productivity software. As soon as one group is banned from using a useful tool like Dropbox, someone somewhere else starts using it. Employees just want to do their jobs, and if corporate IT isn’t moving as fast as they are, well, whose fault is that?”

I was moved to compose a response to the piece (below in italics), and I’d love to hear your take on this. What do you think of the original piece and/or my response?

Mr. Mims’ piece nicely illustrates why Shadow IT providers have gained traction inside corporations. The software is easy to buy and use. And it can help technology workers be productive.

The piece falls short, however, in providing evidence that Shadow IT actually makes companies more competitive (as Mr. Mims claims in his first sentence). Do firms that embrace (or even grudgingly tolerate) Shadow IT really outperform peers on the bottom-line, or in public markets?

I suspect this more conclusive “upside” case for Shadow IT adoption is still to be made. The downside case, however, is a very real thing. Privacyrights.org maintains a chronicle of data breaches going back to 2005. Since then, 758 “unintended disclosures” of sensitive consumer information (like SSNs, financial information, etc.) have exposed nearly 230 million known records. That number jumps north of 1 billion when you count other breach events like hacking, malware, fraud, insider breaches, etc.

Consumers aren’t the only victims here. Shareholders lose too. Target Corporation is down 10% (while the S&P 500 is up 10%) since Target’s well-publicized data breach last December. The Target event and other breaches aren’t specifically an indictment of Shadow IT. Mistakes and mischief can happen inside or outside the firewall. But a big part of a corporate IT manager’s job is to protect the company’s vital information assets. All things equal, is it easier to protect information when it’s more, or less, under your control?

Lastly, regarding usability/productivity: let’s suppose Product A (Shadow IT) and Product B (Daylight IT) are equally easy-to-use, and equally productivity-enhancing. And let’s also suppose they are comparably priced from both cost-to-purchase and cost-to-own perspectives. Would not Product B be the better choice for organizations that have a requirement to protect key information assets? Mr. Mims essentially presents productivity and security as an “either/or” trade-off. But this is a false choice. In reality, it’s possible to give users the experience they want while providing the security those organizations (and their shareholders) require.

Your turn now. What do you think? Should IT stop fighting (and start embracing) Shadow IT ?

Share this post:

Leave a Reply

Your email address will not be published. Required fields are marked *