Shadow IT: Friend or Foe?


Every now and again, I see articles, posts and comments about “Shadow IT“, nearly always cast as a negative phenomenon–something to be avoided, challenged, even eliminated. As an example, Information Week recently published an article entitled “Shadow IT: 8 Ways to Cope.” While all the suggested ‘coping mechanisms’ make sense, I’m always concerned that Shadow IT is treated as an evil force to be eradicated as opposed to a powerful capability to be encouraged and leveraged.

What Do We Mean by “Shadow IT?”

Sometimes called “Stealth IT”, Shadow IT usually means work that ‘should’ be performed within the ‘formal’ IT organization but is instead performed by non-IT professionals inside business units. The implications of Shadow IT can include systems that don’t meet requirements of security, privacy, integrity, or compliance with standards, such as Sarbanes-Oxley, Basel II or PCI DSS.

The degree to which Shadow IT solutions violate such standards, and the implications of such violations is rarely considered. Shadow IT is considered a scourge on the landscape that must be eliminated.

The Other Side of Shadow IT

The problem with tarring any form of IT work handled outside the IT organization with the “Shadow IT” brush is that it misses a key trend, and ultimately, a powerful opportunity. This is something I’ve referred to in this blog over the years as “Business-IT Convergence.”

The reality today is that:

  • Information and IT are pervasive–everything can and is being digitized in some way.
  • IT literacy is increasing–people enter the workforce expecting the same level of connectivity and user friendly tools they have at home.
  • Demand for IT solutions continues to far exceed supply–it is frustrating to have a need stuck in a ‘backlog’ with the knowledge that it may take months or even years to deliver valuable functionality.
  • Cloud services such as Software as a Service and Infrastructure as a Service are proliferating–there are a growing range of low entry cost and effective solutions available for almost every apparent business need.

As a result of these forces, the “high priests and priestesses of IT” are no longer the only source of IT talent. In some ways, the cat was out of the proverbial bag with the invention of the minicomputer, and given free reign with the invention of the PC and of spreadsheet tools like Visicalc. These tools enabled a non-programmer to quickly do the work of a highly skilled FORTRAN programmer–usually in a fraction of the time!

When Does Shadow IT Become Embedded IT?

The real danger with Shadow IT is when it truly is hidden in the shadows–when the real costs of IT are buried, when the risks associated with legal or regulatory compliance is real, or when solutions have low integrity.

The best ways to head off this danger is to go ‘with the flow’ inherent in business-IT convergence and encourage embedded IT by providing the infrastructure to safely support it.

Without meaning to introduce politics into my blog (something I’ve managed to avoid since the first post in 2007) President Obama is pursuing engagement with Cuba with the argument that 55 years of embargo have not been effective. Whether or not this is the right policy, I believe IT professionals have to reach out to Shadow IT groups, learn why they exist, and find ways to embrace them and bring them ‘out of the shadows.’

Bringing Shadow IT into the Light

There’s a ton of valuable information in the existence of Shadow IT:

  1. What needs does Shadow IT fulfill and why weren’t these needs fulfilled by ‘official’ IT groups?
  2. How are Shadow IT groups and activities staffed and funded, and how can this activity be legitimized?
  3. How can an infrastructure be established that includes appropriate governance and funding mechanisms that clearly delineate ‘departmental’ needs and solutions from those that should be leveraged across departments or the entire enterprise?
  4. What is the best way to connect Business Relationship Managers into embedded IT groups?  What is the nature of the BRM role with these groups?

There’s also a ton of valuable knowledge within the Shadow IT groups:

  1. What types of knowledge exist in the Shadow IT groups?
  2. Are there ways to better capture and tap this knowledge?
  3. Are there other groups that don’t have access to this knowledge that could benefit from it?
  4. What other knowledge could these groups benefit from, and what is the best way to make that knowledge available to them?

So, I suggest looking at Shadow IT as a positive rather than a negative force–as a source of information and knowledge and as an early form of business-IT convergence. If you can’t beat them, embrace them.  Bring them out of the shadows and help establish them as a part of a highly effective enterprise-wide IT operating model.


Cartoon courtesy of Enterprise Efficiency

Business Innovation: Processes, Techniques and Tools for IT Business Relationship Managers


Shameless Promotion!

Disclaimer: This post is a promotion for my one-day training event in Portland, Oregon on Friday, May 29, 2015, 9:00AM-4:00PM PST. This training session follows BRMConnect, the world’s first and highly anticipated conference for BRMs being held at Cascade Crest Conference Center on May 26-28 in Portland’s picturesque Washington Park on the grounds of the Oregon Zoo.

Act now–this event is being limited to a maximum of 20 participants, and there are only 5 seats left!

Why Is This Important?

To survive today, organizations must be adept at making effective use of IT to support business operations and administration. This has become “table stakes” for organizations of any size or purpose. Only a few organizations, however, reach beyond table stakes to truly innovate business products, services, processes, and business models, even though today’s technology landscape offers a host of innovation enablers, such as:

  • Cloud-based services and solutions with very low barriers to entry
  • Low cost sensors, tag, cameras, etc., with RFID, GPS, bio- and telemetrics, etc.
  • “Big data” analytics for making sense of the environment
  • Social tools for collaboration and engagement with customers and workers
  • Mobile everything; the “Internet of Things”
  • Electronic wallets and payment systems
  • 3-D printing
  • Crowdsourcing
  • Gaming, Massively-multiplayer online gaming
  • eLearning, Massive Open Online Courses

New Processes, Techniques and Tools for the IT BRM

How do BRMs become business innovation catalysts? Innovation research highlights new methods that can be effective in surfacing, evaluating, selecting and exploiting business innovation opportunities, including:

  • Design Thinking
  • Mind Mapping, Heat Mapping and Dialog Mapping
  • Innovation Jams
  • Social Network Analysis
  • Modeling and Simulation
  • Prototyping
  • Sentiment Analysis
  • Prediction Markets
  • Innovation Labs
  • Systematic Inventive Thinking

This one-day course will discuss the BRMs role in business innovation and explore processes, tools and techniques for stimulating, surfacing and exploiting IT-enabled business innovation opportunities.

Course Learning Objectives

Today’s IT BRM must be knowledgeable in the ways of IT-enabled business innovation and skilled in the underlying techniques. Though this one-day course you will learn:

  • The importance of “Innovation Intent” and how to create it
  • Distinguishing between Invention, Innovation and Improvement
  • Innovation lessons from the world of improvisation–an experiential learning session led by improv master, Gary Hirsch, co-founder of On Your Feet
  • Tools and techniques for innovation Discovery
  • Tools and techniques for implementing innovation
  • Key Organizational Principles of innovation and how to assess them
  • Design Thinking and the Innovation Process
  • Enabling the Innovation Process with technology
  • Illustrative Case Studies in IT-enabled innovation

Please click here to find out more about this course. Please visit BRMConnect 2015 Registration page to register for this class.

Fostering Business-IT Convergence – Business Relationship Manager as a Synchronicity Coach


The more I teach, the more I learn!  Last week I wrote about the boxing metaphor for Business Relationship Management–a metaphor that surfaced during a recent onsite Business Relationship Management Professional® (BRMP®) certification course I was teaching. This week, a new and surprising metaphor surfaced in my online version of the course–that of Synchronicity Coach.

Learning Through Metaphors

Early in the BRMP course, I ask participants what metaphors come to mind for them when they think about the Business Relationship Manager role, and this week one of the participants offered “Synchronicity Coach.” I asked him to say more about his metaphor, and he said:

Both business and IT need to constantly adapt to changes in the information and Information Technology landscape.  The natural tendency is to adapt over independent paths, which is not healthy. The BRM role exists to bring these independent adaption paths into synchronicity.

I thought this was a very astute perspective. I’ve blogged in the past about the notion of “Business-IT Convergence”–going well beyond the elusive “Alignment” goal (which always feels reactive) to something more proactive, that recognizes that:

  1. Business executives and managers are becoming ever more IT literate.
  2. Information and IT are becoming every more ‘consumerized.’
  3. The role of the IT organization is shifting from the ‘doers’ to the ‘enablers’ and ‘coaches’.


Wikipedia defines Synchronicity as:

The occurrence of two or more events that appear to be meaningfully related but not causally related. Synchronicity holds that such events are “meaningful coincidences”. The concept of synchronicity was first defined by Carl Jung, a Swiss psychiatrist, in the 1920s. During his career, Jung furnished several slightly different definitions of it. Jung variously defined synchronicity as an “acausal connecting (togetherness) principle,” “meaningful coincidence,” and “acausal parallelism.”

Certainly, business is evolving in its relationship to information and IT, and the IT organization (or, more correctly, the IT Operating Model) is evolving in its relationship to Information Technology and the enterprises and business units it supports. So, I think that what my participant was referring to the BRM as a coach in fostering Business-IT Convergence:

  • Helping the business harvest more value from information and IT.
  • Helping the IT organization be more responsive to, and anticipate the needs of the business units/enterprise they support.
  • Increasing the transparency of IT to the business and business to IT–fostering porous boundaries that allow Business-IT Convergence to be a natural evolutionary response to Cloud Computing, Consumerization of IT, “Big data” and so on.

The best way to learn is to teach!

Business Relationship Management with Boxing Gloves!

buying-cheap-boxing-gloves-onlineI love teaching the Business Relationship Management Professional® (BRMP®) course! They say that the best way to learn is to teach, and I always learn from my course participants.

I was teaching a course last week and went through my usual routine of asking the participants what metaphors they thought come to mind when they think about the BRM role. The answers are always revealing and sometimes surprising. In last weeks course, one of the most seasoned BRMs said, “Boxer!” I was initially taken aback, but as he went on to describe his choice of metaphor, I realized what an apt metaphor boxing represents.

Not An “Order-Taker”!

Some novice BRMs fall into the trap of becoming an “order-taker.” All business requests are seen as good requests, no matter what the potential to deliver real business value. The seasoned BRM, by contrast, knows how to deflect low value requests, as a boxer deflects his opponent’s punches.

Not An “Account Manager“!

Some novice BRMs think of themselves as “Account Managers”, making sure the business partner‘s needs are routed to the proper people in the Provider organization. This is a dreadfully limited role, and sooner or later someone is going to wonder why we have such seasoned, skilled resources adding so little value. Boxers fight for themselves–they understand the stakes and work every day to prove their worth.

Not A “Gap Filler”!

Weak BRMs are victims of dysfunctional Provider organizations–stepping in to fill any and all gaps in their business partner needs that are not being adequately met by the Provider. Strong BRMs deflect low value requests. They challenge dysfunctionality in the Provider organization, bobbing and weaving to move the Provider to a more responsive role. Willing to throw a punch when necessary, appreciating that to not do so is to become a punching bag for someone who is not stepping up to the plate–who is not delivering what they are supposed to deliver.

Throughout the 3-day course, the seasoned BRM who offered the boxing metaphor went on to offer many real examples of how he had pushed back and steered his business partner away from low value requests towards high value opportunities. He offered examples of how he had refused to collude with dysfunctional Provider behavior, while stepping in to point out shortcomings in Provider services or processes, and offering to help fix these–once!  There were no second chances. Let the business partner down a second time and you received the knockout punch!

Like I said, I love BRM training!

What metaphors do you find especially enlightening about the BRM role?  Answers on a postcard, please!  (Or even better, as comments on this post!)

The BRM and Shared Services

Shared_Services_89180833Some years ago it seemed that much of my management consulting work was helping large, complex corporations implement some form of global shared business services.  This was always challenging, disruptive, but ultimately fascinating work.  There were always significant benefits to be had (cost savings, service improvements, increased leverage and collaboration) and in some cases, figuring out the synergies among disparate business units was almost literally a ‘game-changer’.

The Keys to Effective Shared Services

I have not been particularly tracking the shared services trend for the last several years, but I wonder why I am not seeing more of it among my Business Relationship Management consulting clients and trainees? After all, the keys to effective IT services are more broadly applicable to all shared services:

  • Strong Service Management discipline
  • A focus on Service Value
  • Global sourcing
  • Integrated measurement and governance across all Shared Services
  • Business value focused Relationship Management

Information Technology is not a Solution

Furthermore, in today’s business climate of continuous change and rapidly emerging technologies, sustainable competitive advantage is rarely gained from IT alone. Today, it is more commonly the combination of:

  1. Better information enabling better decisions or new services
  2. New technologies enabling better business processes or business models
  3. Smarter, more collaborative, more engaged talent

These three dimensions demand a strong synergy among technology, business process and human resource experts. And yet, traditionally, these three disciplines have not always worked together synergistically. For me, cost savings notwithstanding, achieving 1., 2. and 3. above is the best reason for shared services.  In other words, it’s not an efficiency play, it’s an effectiveness play.

Shared Services Maturity

Shared Services Maturity

Shared Services Maturity

Regular readers will know that I am fond of using maturity models as a way of making sense of the world.  The Shared Services Maturity Model above surfaced through a multi-company research collaborative I was part of back in 2006. I’m pleased to say that many companies have made progress in maturing their shared service capabilities over the last 10 years, but the progress is slow, and it is still the rare minority that are really achieving the benefits of Value-centric Shared Services.

If you are an IT Business Relationship Manager, imagine how much more impact you could have if your domain was people, process and technology!

Are Consultants Providing Bad Business Relationship Management Advice?

Danger Bad Advice AheadAnother post inspired by a question from a BRMI member on our BRMI Online Campus – the wiki-based home of the BRM Interactive Body of Knowledge and the platform for BRMI member networking and collaboration.  Here’s what the member posted (with minor edits to protect the guilty!):

I attended a presentation regarding the evolution of a BRM role for IT Professionals.  The audience consisted of senior IT leaders from VPs up through CIOs.  The presenter was from a well known IT consulting firm.  I found it interesting that after his 45 minute presentation he never went above the level of BRMs being a Service Provider.  I had to offer my feedback that while I felt he did a fine job of presenting the role of a service provider, he did not have the entire picture of a true BRM.  I touched on the fact that BRMs need to do more, that they need to fill that role of an adviser, an expert and a strategic partner.  That resulted in some very good discussion for which he said he was appreciative, yet I wonder if others are experiencing other consulting firms portraying a very limited (and limiting!) perspective on the BRM Role?  Do you get the sense that our Business Partners are being told by outside firms that all they need are service providers?  I know I deal with that mind-set frequently in my organization and have to educate my clients on how we are engaging at a much higher level when we meet.”

Though not pertinent to the excellent question (and its implicit observation) I feel compelled to share what else the member said in his post:

I had several one-on-one discussions following the presentation and I told most all of them to become BRMI members.  I explained to them how helpful BRM Online Campus can be to them on their journey to building a better partnership model with their clients.”

I found the member’s post to be an interesting and telling story!  I have certainly witnessed this first hand. Some “authorities” really do understand the BRM role – perhaps not quite as much as we at BRMI aspire to – but they still get it.  For example, I generally find that Gartner gets it pretty much right, and has been ‘promoting’ the BRM story for a number of years.  Our valued BRMI sponsors Leading Edge Forum, very much get it, and have conducted extensive research into the role over the years. After that, the knowledge gets pretty thin and in some cases, completely wrong!

I’ve had to go in after other consulting firms have pointed clients in a very wrong BRM direction. The clients, sooner or later, figure out that what they’ve been told is either unworkable or at least is unsustainable (the BRM as a single point of contact is an example of consulting advice I had to help a client recover from a couple of years ago!)

This is a shame. We at BRMI are trying to spread the word – but we can only spread it so far, so fast!  It is practitioners such as the member that created the post above that know the reality and have the presence to interject a dose of reality!

Scrum: Twice the Work in Half the Time–Really? Part 2

scrum-daily-scrums-axisagile-scrumtroopersThis is Part 2 of a 2-part post.

In Part 1 I provided some context for my post inspired by the book “Scrum: The Art of Doing Twice the Work in Half the Time” by Jeff Sutherland, including a disclaimer on why you might not like this book. If you are experienced in Scrum methods, please look at Part 1 before reading this post. If you don’t have any Scrum experience, please look at Part 1 before reading this post!

Why I Loved This Book!

With my career focus on realizing business value from IT investments I’ve seen so much “business value leakage” and even many outright project disasters. As such, I’m inherently a believer in agile approaches, and wonder why they are so slow to penetrate enterprise IT organizations.

Scrum draws heavily on the principles of Lean, with aspects of Iterative Development, Rapid Application Development (RAD) popularized by James Martin, and is one dimension of the Agile movement. The book is very much a history of Scrum–and a compelling history it is! If we are to believe the author (and his credentials are stellar!) many major projects that were waaaaaay off track were brought back on track using Scrum.

I’ve always believed in the mantra, “Deliver value early. Deliver value often” and this is inherent in the Scrum approach. What surprised me most about the book is that Scrum can be and apparently is being used in a wide variety of projects and businesses, well beyond the world of software projects. In retrospect, this makes sense. With the pace of change we all live under, the ways social media and Web 2.0 technologies enable rapid experimentation and the rise of ‘customer experience’ as the key perspective, the notion of rapid delivery of value in a series of short “sprints” makes sense.

Dr. Sutherland has an impressive background–from Top Gun fighter pilot with over one hundred missions over North Vietnam, to receiving a Doctoral degree from the University of Colorado Medical School to systems development and the co-father of Scrum. He is a great story teller–his many anecdotes and experiences are highly relevant and compelling. The book is well-organized, with each chapter ending in “The Takeaway.” Apart from the anecdotal evidence in favor of Scrum and the sheer logic of his arguments, Sutherland presents mathematical evidence of the cost of ‘context switching’ so prevalent in the way IT organizations run today, and in the prevalence of misguided multitasking that is robbing us not only of quality, but of lives, as people try to drive and text or conduct phone conversations at the same time.

Jeff gets into a topic I feel quite passionate about because I see it very frequently in my clients–we are all working harder than ever and generally getting less done! This is an insidious behavior–creating the delusion that we are getting things done, while the reality is that we are simply busy–trying to get so much done that nothing of value is really getting done–or that we are unable to distinguish between the valuable and the urgent.

The book reminds us of what we are all acutely aware–detailed ‘waterfall style’ project planning creates a lot of work and delivers an illusion of reality that almost never pans out.

The Trouble With Scrum

Other than the inevitable learning curve, there are some very real problems with Scrum–or more to the point, with the context in which Scrum is applied.  These include:

  • The IT project funding model. There’s an age old aphorism about crime, “If you want to understand a crime, follow the money.”  My corollary to this is, “If you want to understand dysfunctional behaviors around IT, follow the money!”  Most funding models drive dysfunctional behaviors. With regard to Scrum, funding models are often not set up to fund in increments, and business sponsors feel that if they don’t sponsor the whole project up front, they may be left ‘hanging’ with additional needs and no resources to support them. Sponsoring the whole project up front typically means building the project plan and securing project resources–with the implication that you know exactly what you are going to deliver and how you are going to deliver it–which flies in the face of Scrum. I believe there is merit in adopting a Real Options approach to funding business initiatives, and that this might align quite nicely to Scrum and other agile methods.
  • The shortage of skilled Scrum Masters and Product Owners–roles crucial to Scrum success.
  • Resistance to organizational change. It is ironical that even though we know that waterfall approaches don’t work very well, we at least we are familiar with those methods and feel like we have control (even if that is largely fantasy!) we are reluctant to try new methods, no matter how compelling the evidence might be about the value of those methods.
  • Clarity of what types of solutions best lend themselves to Scrum, and what to stay away from.  I hear this quite a lot, and have to say I’m actually rather skeptical that Scrum can’t be applied to most, if not all, business problems and IT solutions. However, I don’t have the experience base to support my skepticism–reader feedback welcome!

Implications for Business Relationship Management

Regular readers of my blog will know that since co-founding Business Relationship Management Institute in early 2013, many of my posts have a Business Relationship Management (BRM) spin, so I want to explore the implications of Scrum on the BRM role. Having teed that up, I have to admit that I have many more questions that answers. I’ve had many discussions with BRMs about Scrum, and this is what I’ve learned so far:

  1. Some BRMs have no idea what I’m talking about when I raise questions about Scrum.
  2. Those that do are generally enthusiastic about the concept but are having a hard time nudging their Project Management and Solution Delivery groups into adopting Scrum methods.
  3. A few actually have Scrum ‘experiments’ going on, with generally positive results.

I’ve recently kicked off some research among the BRM community and will share my findings through this blog and other channels.  If you have some experience and would like to participate in the research, please let me know directly, or via comments on this post.


Graphic courtesy of Axis Agile