I wonder how the emergence of portable apps that do not need installation are affecting this trend. I know many companies that disallow installation of software by lower level users but portable apps provide an easy workaround for this.

I recently joined the 'rogue' movement with a highly useful piece of software. It turned out to be even better than I expected, so much so that I tracked down the IT Director (small company, about 40 people) to share.

So my first thought in response to this article is, is there anyway IT departments can 'mine' these grassroots advances to help everyone? IT staff don't nearly have the time to randomly surf to find useful tools. But regular users who find a need probably will take the time, and since there are so many of them (in proportion), their individual, self-interested action could be taken as a useful resource rather than a 'rogue' movement.

I would agree with the 75%. As an IT director, I'm not opposed to business groups becoming savvy about possible tools to help solve business problems. They are the closest to the problem and can articulate the need.

However, I have multiple masters. I need to ensure TCO for IT systems across the organization is managed. I must also facilitate the solution to the business need.

I'm in favour of well defined standards and an exception handling process. The business groups and senior decision makers need to understand why the exception is worth loosing any economies of scale.

How many of these activities in the IT "shadow" culture end up violating SOX and who is on the hook when the company gets audited and there are negative findings? My guess is that many of them are, they are undocumented, and when found it will be IT that will be hung out to dry.

The same question should be asked about potential security issues along with violation of federal privacy laws. Sure, you can point to the breaches that have occurred in places where the data was under IT management, but how much more is exposed in the shadow world because I can guarantee that security is the last thing on non-IT minds.

Perennial Desktop Support staff was a thing of the 1980's, it was out of fashion in the 90's and by this decade it was an expense with shrinking benefits that few corporations still wanted to shoulder.

Employees are smarter about technology today.

The behavior that you describe sounds to me like employees displaying initiative and tackling problems that an unresponsive IT department isn't handling quickly or efficiently enough.

While I'm in complete agreement that power users and code cowboys are dangerous if allowed to operate in a vaccum - the response should NOT be negative towards someone trying to get their job done - that is your customer - it should rather serve as impetus for IT to be more responsive and available. Someone can only operate in a vaccum if there is one.

The last two posters are a clear example of how applications (user installled OR IT installed) become 'rogue' - lack of partnership between IT and business users. Security and SOX compliance should be important to all departments in a business and there should be at least a basic understanding across the board. At the same time, IT can never address every individual need - NOT because they are unresponsive but generally because they are understaffed as measured to demand. The establishment of an interdisiplinary governance board with a clearly defined set of standards qualifications as a body for 'rogue' users to submit proposals to is a win-win for everyone. The business doesn't have to wait for scarce IT resources to get something implemented and the 'rogue' technology proposal is reviewed,improved to standards if deficient, and is known to all.

Shadow culture is a huge problem. Workarounds and user initiated solutions are departmentalized / work group orientated - no one with "the big picture" in the designers chair. This inventively leads to duplicated systems / processes across different departments wasting data entry, system resources, and end user maintenance time. Then when local department “geek” leaves, the department manager wants IT to take over support. Sorry, no. Application gone. Additionally, rouge installations introduce licensing issues and ongoing costs in the way annual support contracts.

There’s nothing worse than a corporate critical application no longer working because some bone head decided he wants “the weather bug” on his PC. We continually monitor and inventory everything installed, and have gotten to the point where I have removed rights of end users to install anything. As an IT manager over several hundred workstations, I don’t have time to fire firefight user created issues, so I simply don’t allow them.

I have found that creating a Technology Advisory Board and inviting an IT savvy rep from each of the business areas allows them share their ideas. It provides a forum that can bring these shadow groups into the light and encourage them. The Business benefits by reducing the TCO as the groups share ideas driven from the business side and IT benefits by truly empowering the users. IT should facilitate the use of technology and nowadays the users are light years ahead of where they were when IT needed to control what they did.

WH3

It seems there is no one solution to address this issue. Dealing with 10+ business units (BU) running completely different business models under the umbrella of one organizational division (in one office building), the way I handle this is to have an IT interface in each BU. On a bi-weekly basis, they are invited to meetings where the infrastructure manager explains general IT policies to IT interfaces which have to monitor these.

Thus, we established both awareness and the even more critical contact to BUs. Sure, corporate IT does regular audit-like checkups with the result being reported to GMs of BUs. This motivates IT to not restrict BUs too much, and this also enables BUs to run in an audit compliant way.

Ham-handed IT processes applied de jure by IT managers to each and every user request, no matter the size or scope, is substantially to blame for the increase in "Shadow IT". Why would a user want to spend two months and $20,000 defining the need for two day fix? Look to thyself, IT manager and put some flex in your approach. PM