DevOps: The Right Approach to Shadow IT?
Shadow IT, per Wikipedia, is “a term used to describe IT systems and IT solutions built and used inside organizations without explicit organizational approval.” Less formally, it refers to business applications built by users without the guidance or even knowledge of the IT function.
Those in IT warn that such applications are risky: potentially unsecure, often redundant, possibly unstable, non-standard, and unsupportable.
Business users will counter that IT takes too long to deliver needed functionality, that its rules and structures can’t operate at the speed of business.
Since there is truth in both perspectives, how can organizations most productively address this conflict? How can IT improve responsiveness and business alignment to remove the incentives for business users to go around their function?
DevOps may provide at least part of the answer, according to DevOpsGuys:
“Our view is that DevOps can be seen as the perfect defence to ‘Shadow IT’ as it co-opts many of the key ‘manoeuvre warfare’ concepts to provide the user with the speed, flexibility and time-to-market they want, but still within the control of IT to ensure standards, security and compliance.”
The value of DevOps in minimizing the risks of shadow IT depends at least somewhat on one’s definition of DevOps. The most common representation is of DevOps as the union of software development, quality assurance, and technology operations disciplines.
The scripting and automation of DevOps enables agility, but doesn’t in and of itself reduce shadow IT.
- communication between IT and business functions;
- agile software development practices; and
- “robustness,” meaning that the resulting business applications are tested, maintainable, supported, and secure.
Key to providing these attributes in a scalable manner is to utilize technology and processes that both IT and business users can embrace. Organizations can leverage scarce IT resources and provide business users with control—safely—by implementing an enterprise workflow automation application that enables business users to create, test, refine, deploy, clone (and if necessary, roll back) process automation, with minimal IT assistance.
Just as DevOps requires a level of automation more sophisticated than that provided by simple scripting tools, addressing shadow IT will likely require more than DevOps. But the combination of communication, agility, and robustness offers one potentially valuable approach for bringing IT out of the shadows.
Download the white paper Enterprise Request Management: The Process to discover how the ERM approach enables IT to work with business users to design and present service processes and solutions in a secure, reliable manner.