Why Antibiotics Are the Wrong Approach to Shadow IT

Possibly because the bad ones can kill you, bacteria get a bad rap. Those Purell stations you see at conferences? They’re barely competent as a viricide, but excel at destroying bacteria. And while the CDC says they’re not necessary, anti-bacterial soaps remain all the rage these days.

We’ve been conditioned to consider bacteria as the enemy by way of related horror stories. The toxin produced by Clostridium botulinum, for example, the bacteria which allows celebrities to give their faces a carboard-like appearance, is incredibly toxic. 1 gram of it, in fact, is enough to kill 14,000 people. Escherichia coli, a normally helpful occupant of our digestive tract, has a variant that can cause hemorrhagic diarrhea, kidney failure or even death.

From these stories and others we’ve acquired an instinctive mistrust of bacteria, a faith that they are instrincally harmful. The facts, however, say otherwise.

We know that bacteria are critical to digestion; they have the ability to process compounds the human body does not. They are also able to output vitamins for the body, including B12, Folic Acid, and Vitamin K. Premliminary research, as Wikipedia terms it, suggests that bacteria may be of use in the treament or alleviation of conditions like IBS, lactose intolerance and even colon cancer. In explaining why cavemen had better teeth than modern fluorinated citizens, meanwhile, researchers point to a decrease in bacterial diversity within the mouth.

However beneficial they might be, then, as a species we apparently consider it our mandate to wipe out bacteria wherever we find them. In spite of the fact there is less than no chance that we’ll ever successfully eradicate them, or would be better off in their absence even if we could.

All of which might sound a great deal like quote unquote “Shadow IT” if you’re in the technology industry. If you’re unfamiliar with the term you’re not likely to be unfamiliar with the concept: it refers to individuals or teams within organizations operating independent of IT in areas that have typically fallen under the latter’s jurisdiction. Within most enterprises, Shadow IT is regarded as an almost existential threat, a specter of disorder and chaos. Predictably, the organizational response to this perceived threat is to eliminate it – regardless of the cost.

Like most patterns in the technology industry, Shadow IT is not new. The first PCs made their way into the enterprise unofficially, like the minicomputers before them. Early Lotus sales people, for their part, were explicitly instructed to avoid IT staff and instead make their case directly to the line of business. Shadow IT exists because IT staffs are vulnerable to exactly the same disruptive forces as the vendors they buy from. Each successive generation of IT adoption leads to a calification of infrastructure, skills and mindset. As a result, each new transition – from mainframe to minicomputer, minicomputer to PC, PC to mobile/cloud/etc – leads to a repeat of the cycle, in which new, potentially disruptive technologies are attacked only to become become the incumbent over time.

In other words: all of this has happened before, and all of this will happen again.

The only real difference today is that disruption is occuring at an accelerated rate. Consider that open source really began to take effect in the early part of the last decade, that AWS launched in 2006 and the iPhone one year later. Things are moving quickly, and IT organizations – already ill equipped through no fault of their own to adapt to systemic change – have to adapt to more, faster. The unsurprising result is that IT organizations have been increasingly overwhelmed – and frequently outmatched. To the point that the term IT itself is, in some contexts, a perjorative.

It is not technically true to say that Shadow IT is strictly a reaction to IT dysfunction, but certainly the high latency of application development or the glacial pace of server provisioning, to pick two examples, have contributed to its growth. When line of business requests an application from IT and are told it will take months to develop, they now turn to a Shadow IT armed with tools like dynamic programming languages and PaaS to compress those delivery cycles. When CMOs, for example, need hardware to host the applications they’ve built, and are told delivery times will be measured in weeks, workloads inevitably shift to public clouds. And so on.

One perspective on these developments is that Shadow IT represents a dangerous, destabilizing force within an organization sure to run afoul of compliance regulations or compromise internal security. Which, it should be acknowledged are non-theoretical possibilities. But organizations should also consider the bigger picture: Shadow IT is doing trying to get things done more efficiently. They are the good guys, the beneficial bacteria.

While Shadow IT resources will doubtless bristle at the comparison, they have a lot in common. They fill an essential role: they allow the larger organization to operate more efficiently, and to accomplish things they would otherwise be unable to. And like bacteria, organizations are desperate to eradicate them using any and all means at their disposable – irrespective of the prospective benefits.

Before turning to the antibiotics, however, organizations would do well to examine questions of alignment. It is possible, even probable, that they’ll find that Shadow IT is not only improving the overall health of the organization, they’re doing it better than the factions trying to stamp them out. Either way, Shadow IT resources can take comfort in one other thing they have in common: whatever the response, both are going be with us indefinitely.