This is actually an old story, from a previous life, but I need to get back on the posting bandwagon. Way back in the day…
… there was a site on the public Internet with Company Confidential Information out there. The site was put together by an ambitious sales rep with some time on his hands, a few technical books, and a yen for something interesting to do. It was a nice little site, too – even had user ID / password security … but the Powers That Be – actually, the Head of HR – still wanted the site taken down.
Mr. HR put the question to me – does IT have a policy against this? I thought he meant a paragraph in the policy manual, which threw me for a loop because HR was the business area responsible for creating & maintaining the policy manual (he should know, right?). I pointed out that the best we could do re: existing IT policies was our general disdain for the misuse of company assets.
Actually, I was a bit confused, because Mr. HR was rightly concerned about confidential information on the Web – in fact, the protection of corporate information is a standard, existing policy. However, upon further conversation, I figured out that Mr. HR was looking for an IT policy to prevent business units from doing skunkworks projects / shadow IT.
The core issue came out when I asked Mr. HR what he wanted to accomplish; in essence, he wanted me to be the Heavy, and tell this guy to take his site down. Why can’t Mr. HR tell him? Because the business unit manager supports it, and Mr. HR can’t get them to enforce the policy on company information.
Ah, I see. Well, IT can’t help here …
But would such an IT policy be helpful / effective? Some IT folks would love a policy like that – alas, it’s unenforceable …
- Compliance / governance on something like that would be difficult, and only successful if implemented in a draconian way. Not the best way to win friends.
- The typical IT department never has enough resources to do everything that the business would like to get done.
- “Departmental” projects often develop handy applications. We had an Access database that managed consumer complaints; it originated as a skunkworks project, but had evolved into a nice little tool.
I’d like to see the business encourage forward-thinking folks, and not immediately write off any IT ideas based on what department they came from. This is not a call to let go of all the financial & audit controls, or systems development / integration rigor. On the contrary – there is actually a natural “IT oversight” requirement / phenomenon. If any area of the business needs to get an app on a production server, or share data with a production system, IT will have to get involved sooner or later.
Look, we’re fooling ourselves if we think the IT Department is the only source of knowledge about information technology and its applicability to business problems. IT must realize that most B-school grads have taken one or two semesters of Data Processing, have machines at home that blow away their corporate desktops, and create spreadsheets that integrate data and perform complex transforms. The Business is often our best source of ideas for the meaningful application of information technology.
On the other hand – technology mavens in the business must realize that it’s quite different developing for high volume, scalable, integrated-with-everything-else, supportable systems. Working with and through IT is always the best way to ensure sustainable implementations that leverage existing infrastructure and are delivered in a timely manner.
Ideas – delivered. Sounds like a great mission statement for Corporate IT.