Historically, a rogue was someone known to be slightly mischievous, downright dangerous or, even, deviant. In today’s world of cloud start-ups birthed in college dorm rooms, however, rogues have also become known as rugged individualists who successfully buck the status quo, thereby changing it in the process.
In reality, both of these depictions are true. A rogue can present two sides of the same coin: Just as much potential for destroying old ways as for creating new ones. At this intersection of destruction and renewal is where we now find rogue IT.
For those unfamiliar with the concept, rogue IT is a business user’s practice of buying and using IT services without the express knowledge or approval of the company CIO (or its corporate IT department). In effect, such users leapfrog corporate IT’s traditional, often-slower methods of project evaluation, analysis, purchase and implementation in favor of what they perceive as a faster route to achieve their goals.
Rogue IT practices have grown exponentially with the use of public cloud services. Will these herald the end of internal IT or a means for healthy IT transformation? The risk exists for either outcome. It all depends on how IT organizations approach it.
Welcome to the new ‘Age of Me’
The age of smartphones, tablets and public cloud services brings with it a new era of personal empowerment for end users -- both in business and at home. It’s the ultimate promise of cloud: That you can work where you want, when you want, from anywhere and from any device. It is, in effect, the age of Me.
On the business side, this age also brings with it the emergence of powerful enterprise cloud services to aid workflows and accelerate business processes. No longer do business users have to feel constrained by their own IT infrastructure or what they might perceive as slow, internal IT policies. With little more than a credit card and surprisingly low, per-use startup costs, users can create an account on the public cloud. They can even be up and running in minutes.
This is a far cry from the weeks many might have otherwise spent waiting for their own IT organizations to evaluate new projects or provision internal IT services.
Pressured to perform at the increasing pace of business, many such users are “going rogue” in the cloud as an effort to get faster results or as a means to try out new methods. If you think this form of rogue IT occurs only in isolated pockets, think again.
A 2012 Brocade study found over one-third of respondents acquiring outside cloud services without the knowledge of their IT department. Later studies now show a much larger number. A 2013 survey by 2nd Watch found 61% of business units bypassing IT, choosing instead to procure and manage cloud services on their own. In another recent survey by Frost & Sullivan in conjunction with McAfee, 80% of both IT professionals and line-of-business users admitted they used SaaS applications without their company’s formal approval.
According to our own work with midrange and enterprise companies, some of this move is toward the use of SaaS applications. Other cloud services are also gaining in popularity. The business unit says, “I have to get my job done. If I can set up a server at Amazon or Google or use Dropbox to collaborate, I’m going to do that.” Such forms of rogue IT tend to use these services as a means to an end: How to deliver value to their company’s bottom line.
From the internal IT team’s point of view, contracting with outside services in this manner is often seen as a dangerous practice. Recent accounts tend to support these concerns, especially when it comes to overriding a company’s own data security and compliance guidelines. While recognizing some of the risks of their behaviors, however, most rogue IT culprits remain willing to take them in exchange for the cloud’s potential agility and faster speed of execution.
If you can’t beat ‘em, join ‘em
What should internal IT organizations do about this growing trend to bypass them in favor of external cloud providers? Here are a few rules of thumb:
Decide if you want to be proactive or reactive.
Reactive organizations tend to reinforce unfavorable IT stereotypes held by their business users. These might place them as the organization that always say no or the ones you can count on to set up a million roadblocks to new business ideas. In what may be perceived as an effort to protect their turf, highly restrictive BYOD policies and cloud edicts can gain IT few new friends.
On the other hand, proactive IT organizations recognize early on that they don’t just have a budget and technology problem. They also have an internal image and communications problem. They take steps to learn what’s important to the business and how best to align themselves to deliver IT services to support those needs. They recognize the need to become an internal service provider who is trusted to meet the needs of its users. Proactive organizations look for ways to build stronger, on-going relationships with key business stakeholders. They take steps to transform themselves from that of naysayer to an advisor, enabler and innovator. Some even look for ways to empower individual users and business stakeholders further in their own choice of IT.
On a technology front, proactive organizations begin to look at the underpinning architectures and organizational changes that can make them more responsive, agile and cloudlike. These might include the use of unified or, converged, infrastructures, software automation and the short-term deployment of private cloud proofs of concept - especially for the immediate needs of application developers in the organization.