Almost everywhere I look, IT is treated as a cost center. Their goal is often to cut costs (expenses) to be as low as possible. But, this isn’t working well for them or the companies that treat things like this. In companies like this you end up with shadow IT, lines of business who are held back (which hurts income), or a little of both. Let’s explore what this means.
The Customer of IT
IT departments typically serve other departments in companies. That means, those other departments are their customers.
This is an idea I learned early on in my career. My first post college manager used to survey our internal customers for feedback to learn how we could do a better job. This wasn’t an IT job but our customers were other departments in the company. The better we serviced the other departments the better they were able to service the external customers.
Figure 1: Everyone has customers. Some of them are internal to the company. Some are external.
Not all customers are external. Some are internal to a company.
Shadow IT is everywhere. Shadow IT happens when the companies IT isn’t providing sufficient services for the line of business to do what they need to do.
Why does this happen?
I’ve experienced several reasons…
- Cost cutting by IT has left them unable to meet the needs of internal customers.
- The internal customer needs a service IT doesn’t offer.
- IT is slow to respond to internal customer requests. When this happens for external customers people tend to shop elsewhere.
- IT is putting unnecessary constraints on their internal customer.
When these situations happen a line of business may take their business elsewhere.
Technology Spend Gone Wrong
Picture this… you have two different large departments in a company. What IT provides them is insufficient so they go to external vendors. It’s not unusual for teams like this to not communicate so let’s imagine they go with two different vendors. I’ve personally seen the multi-vendor issue numerous times.
Instead of one service that everyone can use that meets needs cost effectively you have three services with the overall cost and complexity structure not being ideal. Unfortunately, the whole picture just isn’t tracked well so it’s out of sight and out of mind.
Most weeks I read at least one story about someone being hacked. I’m aware of far to many places that have security theatre rather than a focus on the things that make security work.
You might be wondering, what does this have to do with cost cutting and shadow IT?
This situation I just described creates an environment where security exploits are more likely to happen and are less likely to be found. This happens for a couple reasons:
- Cost cutting usually ends up including things needed for security. You don’t put the expense in to document details, scan for issues, perform threat analysis, and so forth. Cutting costs almost always cuts security.
- When services are managed by different groups there is a lack of situational awareness. This makes it more difficult to spot security issues or breaches. Each team has to handle their own security since the company, as a whole, doesn’t have insight into all the things.
Split focus isn’t just bad for cost, it’s bad for security, too.
Enabler Rather Than Cost Center
If IT thinks of themselves as a customer focused organization working to protect the company they have a great opportunity to both justify their costs and lower their companies overall costs all while improving security.
The way to approach this is that IT has customers. Other departments. By enabling them to be successful at their needs, which means growing and changing as their internal customers do, they can enable the whole company to do things better and more securely.