So how do we adapt our role to cope with it?
First thing we need to do is take it out of the shadows. Enter a discovery phase, find out what is going on. Then have a plan.
We had a group discussion on our tables, and I was sitting between the CIO of
the European Parliament and the CIO of Europol. We had some interesting debates about what was appropriate. They couldn't really get their heads around our very open attitude!
Then we looked at some examples of good practice, summarised below:
Need to engage. Will change the role of the IT department.
Get some visibility, find out how much is going on. Share it .
If people are developing or implementing shadow IT they have to be accountable for it. For support, security etc. Put in place processes to do this.
Provide guidance to the organisation
What areas is it legitable and sensible to allow end user development. What areas are no go areas.
Use this 2 by 2 grid
Things can start in one quadrant and move. Need to keep under review.
Create red lines.
Privacy, security and compliance. Lines which must not be crossed, and there must be consequences.
Requires clarity, training and education.
Exploit Bimodal IT
Become more agile and flexible.
Eg vendor and contract management. Hosting. Project management.
Offer tiered support.
Different levels of support for different systems.
Train staff, bring them into central organisation and teach them. Then might trust them more.
Have an end user board.
Not just IT department policing things. Let a board come up with polices etc. are risks though!
Get them on board. Put the policing action on audit, not us.
All very interesting and useful. And reflects closely what we're trying to do in our IT as a shared service project.
- Posted using BlogPress from my iPad