CIOs tout guardrails as prevention for shadow IT woes

SaaS democratized technology procurement for business leaders and, in some cases, circumvented the need for IT involvement.

Line of business technology adoption liberates CIOs from technology minutiae, creating more bandwidth for strategy, yet compliance gaps and security concerns persist.

Every SaaS app the business purchases — so-called "credit card applications" — can have implications for the business if no one oversees the data going in or out, said Sheila Jordan, chief digital technology officer at Honeywell, speaking during a CIO panel hosted by Protocol last week.

Multinational conglomerate Honeywell operates in highly regulated sectors, from aerospace to performance materials. To avoid compliance issues, the company follows a global design model and the IT organization provides the capabilities the business asks for, Jordan said.

Honeywell places guardrails around the use of technology, prioritizing the "better, cheaper, faster and safer" credo while protecting the company's assets.

The company has 42 active digital transformation programs, including an ERP consolidation, Jordan said. "Every single strategic business unit has a digital agenda and we get in the middle and help orchestrate that."

Successful shadow IT deployments operate in an environment with centralized governance, part of a clear digital enterprise strategy. Department-level technology purchases are inevitable, but technology leaders can use governance to reduce risk.

"Shadow IT has a real negative connotation to it and I think, as technology leaders, we need to embrace what these folks are trying to do," said Chris Bedi, CIO of ServiceNow speaking on the panel.

Departments are buying technology to improve operations, he said. Technology leaders can provide the platforms for departments to build apps on, curating data sets and crafting the right governance and cyber strategy.

"I truly think that if we do that we can let all the talent in our companies actually participate in their own digital transformation without having to come to a central organization," Bedi said.

Application exhaust

Shadow IT is a lingering phenomenon, but the pandemic created a new era of business-led IT, where workers decided what apps they wanted to use for their jobs.

Lines of business manage more applications than IT, accounting for more than half of all company app ownership, a Productiv report shows. Companies use an average of over 200 apps.

"One of the silver linings of COVID[-19] is that it made the technology become very real and relevant to every single individual in the organization," Jordan said. It opened the aperture of what technology can do for business.

Line-of-business leaders are turning to data, an area where technology governance can excel.

FedEx has a tremendous amount of data generated from operations worldwide, but it's generally a byproduct — or exhaust — of applications, CIO Rob Carter said, speaking on the panel.

The business partners wanted data access, so technology placed guardrails around how the data is delivered, controlling what data they see form lakes and core data structures.

Business leaders "are hungry to do real work," Carter said. "It's not our job to try and stop them, but putting the right guardrails and the right governance and management around data has been the best way to empower them and at the same time, keep [those] incredible assets safe."