What exactly do people mean when they say “IT”?
- The computers? The networks?
- The people who run them?
- That organization that loves to say “no” and is always slow and expensive?
- Dilbert’s “Preventer of Information Services”?
It’s true that many organizations are decentralizing information technology. What were once called “shadow” systems or “rogue IT” are now the reality, as business units mature through digital transformation. In this evolving context, having a centralized Chief Information Officer in charge of all technology makes about as much sense as having all employees report to the Director of HR.
However, there is a twist. Business executives, many of whom have the perception of IT as “bureaucratic,” may look forward to having their “own” technology and technologists. They may even think they can manage technology better, that it can’t be “that difficult.” Process? Who needs it?
When and if the first few teams are instituted “outside” of IT control, including the ability to acquire computing capacity and build functionality on it, they may move quite quickly, giving their new business sponsors great satisfaction.
But problems soon arise, perhaps as predicted by the CIO when decentralization process started:
- How are these systems secured?
- Are they compliant with licensing requirements?
- Are they backed up?
- How do you know the data in the system is accurate?
The new business-owned IT finds that some consistent way of building and running new functionality is still required. They may even find that, although computing capacity, developers, and operations staff are directly funded from their budget, enterprise processes and standards represent important guidance that would simply have to be re-invented.
Take for example configuration management. This is the kind of activity business leaders love to hate. At first glance, it might seem far removed from the bottom line. And yet in the digital economy, it’s front and center. Lines of business deploying vast numbers of Internet of Things endpoints have no choice but to inventory and control them; the risk is far too great otherwise. And the infrastructures and services required to do so are not easily or cheaply constructed.
As technology becomes more and more diverse, employing NoSQL approaches that are tolerant of new, diverse data types becomes essential. Understanding security and risk will increasingly require sophisticated analysis across the digital exhaust of these massive, complex infrastructures. At the end of the day, the financial and organizational reporting structures will be less important than the overall digital pipeline. In this new world, data still needs to be governed and managed, auditors will still be evaluating operational practices and risk controls, regulators will still ask for evidence, and will not be interested in whether the organization has centralized IT or distributed digital services.
In spite of this, digital technology will remain with the lines of business, for the same reason that the HR director does not “manage all the people,” nor the CFO “manage all the money.” The Agile movement, as a key enabler of digital transformation, emphasizes that digital products require close collaboration between developers and business experts, along with the fastest possible feedback from the market. The days of the “order taking” CIO organization are over.
What becomes of traditional IT capabilities in this new world? There is a great irony. We have talked for many years about how “IT” must become closer to “The Business.” This is now happening, and now the business is being transformed as much or more than traditional IT.
In this new model, incident management becomes customer service management, configuration management pervades business operations, the Internet of Things becomes the production shop floor, the IT portfolio becomes the digital product portfolio, and IT vendor management simply becomes vendor management, now requiring product specialists in Cloud services. And data management of the digital infrastructure simply becomes data management.
Despite the shift of focus to “The Business”, IT remains the organization that is best equipped to handle the applications once they are deployed. IT sets the bar for security, risk controls and IT Service Management centered around the Configuration Management Database (CMDB).