Paul Lewis

A Question from the High Iron: Innovating with Shadow IT **Video Added

Blog Post created by Paul Lewis Employee on Jul 31, 2015


**Note to reader: From time to time I will devote a post to answering one of the thousands of handwritten letters I receive every day.  I feel it’s important to participate in national debates and have my fans’ voices heard. (names have not been changed…because…well…they know what they’ve done to deserve it).


Like this one:


“Dear Mr. Lewis,


Given that we have corresponded frequently over the last couple of decades, you know that we spend our very limited break-time discussing the often politicised issues of  “Relative Clamping Value of Rivet vs Bolts vs Pins”  or “How much better at everything is an Iron Worker compared to a Millwright/Pipefitter” or the often heated battle over the “Appropriate Tension of Retractable Tethered Safety Harnesses”.  We have had some real blow outs, often leading to fisticuffs.  Just last week, the apprentice Curly slipped off the scaffolding making a naïve point about joist girders. Good thing the safety watch Gordie caught him in time, with the expected “Fella, next time wear the harness…or it will escalate into Guy” reaction.


Occasionally we put a metaphorical “pin” in the professional talking points and discuss some of the REAL problems of our generation, and yesterday was just such an example.  Gus, the foreman, wondered aloud (as he was drinking his coffee leaning against the lift while we did all the work), “I wonder why we haven’t solved the problem of Shadow IT yet?  I can’t stand that so many LOB users are creating their own applications and ignoring all the governance required to really make these solutions ENTERPRISE-ready”.


As expected, there was no debate.  Everyone on the beam murmured how awful it was that a potentially unsecured and haphazardly project managed technology was created outside of the safety net of the Information Technology team.  A group sigh of “how COULD they ?!?” could be heard across the site.


I volunteered to reach out to you on behalf of the trade.


Mr. Lewis, how can we stop this Shadow IT from ruining a perfectly good IT shop?


Fasten-atingly Yours,


Derek Thumbsup, Local 736

Tillsonburg, ON”




Dear Derek,


You raise an interesting question, one that far too frequently is asked behind closed cubicle doors. After some pondering of my own, I submit the following opinion on the matter:


Simply put, the emphasis is on the wrong word.  It’s not “how COULD they ?!?” (wondering where they find the unmitigated gall to pull off such a stunt)….but “HOW could they !” (what can I do to encourage it).


You see Derek, Shadow IT isn’t really a problem.  Shadow IT is where ACTUAL business problems get solved.  Why might I come to that conclusion?


The business needs to earn revenue and deliver a profit, and operators of the business complete a series of tasks to ensure those goals are achieved.  Several of those tasks need to be delivered and/or supported by technology to maximize the efficiency and effectiveness of the outcome.  If IT provides that technology to meet the requirements of the outcome, great.  If IT cannot (because of budget or skill limitations), or will not (because of process adherence or governance concerns), the operators will simply find another solution, namely Shadow IT. Shadow IT may be homegrown or outsourced (i.e. a hire/rent/buy alternative to enterprise IT).  Either way, the outcome will be achieved, and the business problem will be solved.


Why can they do this?  It’s their money.  They make it, they can spend it as they please.  How do they want to spend their money?  Implementing innovative ways to grow, diversify, and create more value to customers.


Of course security and governance, especially of data, is a VERY REAL problem that needs to be addressed.  The company needs to be protected from cyber-crime, and technology enabled business services need to be available and performant. IT, in striving for predictability in these and other outcomes, often resorts to elaborate project management methodologies, IT governance practices, security policies and procedures, and antiquated command-and-control management styles.  Yet more often than not IT’s very reason for existence, delivery of business value, is sacrificed at the altar of predictability.  IT in many respects suffers from “inmates running the asylum” syndrome.

The business operations argument is, quite justifiably, that technology-related concerns should not be addressed by delivering so slowly that the business problem is not solved at all.  Hence Shadow IT.


Complaining about Shadow IT is then the equivalent of telling the business: How we earn money, make a profit and grow is LESS IMPORTANT than adhering to a set of internally-defined techno-babble guidelines and processes.  Considering how they would react to such a statement, you know why their technology-driven business innovation is increasingly occurring in the Shadows.


Which brings us back to the “Simply put”.  What can IT do to ENCOURAGE the business to innovate WITHIN the business (new definition of Shadow IT), and effectively move the actual enabling technologies into the shadows?  Here are a few ideas:


  • Most Shadow IT is created because the business data is hidden from use…so IT must enable Data Mobility
    • Ensure that the data created within the organization is mobile and accessible for new purposes, and provide the function directly to the business to search and use those business assets
    • Abstract the source data from the source application and underlying infrastructure, and elevate data to a primary stakeholder in IT, equal to applications rather than remaining a side effect of them
    • In concert with your EDW, create a data lake or repository to store structured, semi structured and unstructured data in a consolidated fashion.  Provide multiple mechanisms to access data and visually blend it with external information for greater business insight
    • Create an ability for the business to collaborate and share information/documents internally and with external partnerships
    • Include appropriate protections for data loss and resiliency behind the scenes within the foundation


  • Many business execs want the go-to-market agility possible with Google, Amazon and Microsoft…so IT must provide a Cloud on-ramp
    • Encourage the use of multiple IT providers based on what’s best for the business
    • Broker relationships and contracts with external providers of software, platforms and infrastructure, ensuring they meet contractual and regulatory SLAs baked into the company’s service offering
    • Provide policy based automation for how/when to use the cloud options provided.  Let the business determine when/how data should be protected, archived, and who should be doing it.
    • Include appropriate security requirements for identity management / authentication / authorization, and information life cycle governance within the foundation


  • Operations hires “programmers” to quickly create utilities and will not wait in line….IT must provide a Development platform:
    • Implement a means for business experimentation
    • Provide a development platform for themselves or for a contracted third party to use
    • Supply various application development skillsets to supplement their business knowledge and encourage agile development process
    • Include appropriate application and environment life cycle governance and provide the business means to understand the costs and performance related concerns of moving across environments eventually to production


(btw: If you were wondering how one might be able to deliver mobility and cloud with foundational technology, check out these links: and )


And if it were my building, I’d go with rivets ALL THE WAY!  I find them aesthetically pleasing.


Yours to be built from scratch,


Paul Lewis


P.S.  Have I ever told you the story of when my cousin and I thought that dusk was the appropriate time to hike several kilometers through the English countryside with an inn-provided laminated map with included directions like “when you see a set of trees, you’ve gone too far” on the first day of our first trip across the pond…..