OK, so it isn’t a term you’d casually throw around at your neighborhood hog roast.
Nonetheless, you may want to start trickling the idea to your management colleagues. I’m not a fan of nascent phrases like highly converged teams, but the essence of what it’s trying to convey does deserve a closer look.
A converged team: top-down
Highly converged teams can be drawn from cross-departments to cross-countries. They may be familiar colleagues or complete strangers. They have to work not just across geographies and time zones, but also across disciplines and functions.
They also have to work to a unified brief, in highly regulated environments, to exacting standards, dictated by exacting clients.
A converged team: bottom-up
Elsewhere, I’ve seen teams emerge from the bottom-up. Self-selected, highly-motivated, outcome-focused—but there one week, gone the next.
These new pop-up teams were completely below the enterprise radar, using the tools they were personally familiar with, but way out of the corporate comfort zone, and fracturing who knows how many client contractual agreements.
Both examples present challenges to the typical IT operation, especially if key pieces of the infrastructure aren’t present. And if the partner organizational services like HR and finance aren’t singing from the same hymn sheet, the eyes start to spin!
The new normal that you really can’t ignore
Now that we’ve covered what “highly converged” conveys, how do you manage those teams? Both examples represent an emerging new-normal, where current IT practices just won’t suffice. Have you seen written in your procedures somewhere that account changes should be requested three days in advance? New starters (Joiners), five days? And what of Movers—two days? Not going to work! Not if we are going to be able to respond to the new client dynamic where “when” is going to be just as important as “what” and “how.”
We’re all aware that these are the ingredients that make up shadow IT. We in IT cannot give these teams what they need, when they need it, so of course they go do it for themselves. For my first example, that could be catastrophic. For the second, it’s still a risk, but with a smaller surface area, in both time and purpose.
In either case, what we can’t do is ignore the problem. It didn’t work for King Canute, and it won’t work for us. If we are to enable these new macro and micro teams to be able to concentrate on the “what” without bemoaning the “how,” we have to work out how to give them what they want, and closer to when they want it.
I propose a new model
So the model has to change (unless you can magic some additional resource from somewhere).
Three key things have to happen when taking on new apps:
- Develop a new app onboarding process—one that can make sure it ticks all, or most, of the compliance and security boxes. And for those boxes it doesn’t tick, don’t immediately chuck it out. Instead, seriously weigh the pros and cons, and decide if it’s worth re-evaluating the criteria. For example, if it’s a client compliance issue, consider if it’s worth having a conversation with that client.
- Address cost and support issues. I’ll discuss cost shortly. For support, maybe we need to consider a new way: IT only offers functional support, not usability support.
- Design a comprehensive, no-stone-left-unturned, awareness and education program. Your colleagues are the weakest link, and they are the number one target for hackers looking for ways into your network and compromising your data.
A few caveats
Some serious caveats are required at this point. Firstly, this new framework is clearly not going to apply to new Line of Business applications, database or BI tools, or anything that fundamentally alters the product or fabric of the business.
What I’m referring to here are the hundreds of cloud-based apps that will form 99% of what I referred earlier to as shadow IT. They are only in the shadow because your staff don’t want to go to the “Department of No” and more importantly, don’t need to. They can create accounts and team workflows all by themselves. This new fast-onboarding process will remove this barrier and encourage inquiry and inclusion.
But if there is no inquiry, IT will constantly be chasing what users want to hide. Encourage inquiry and at least you have visibility and can scale the task accordingly.
And lastly, get the basics right. And by basics, I mean using the standard security tools that are almost universal but infrequently used, such as a proper iDaaS system and two-factor authentication. Even Slack, the bane of a lot of IT and security departments, offers this. Turn it on. If it offers encryption, turn it on. Or even better, if it doesn’t, ban it and offer an alternative that does.
Learn from King Canute: Work with it, not against it
Some will say that any app off the accredited list that enables file sharing should be blocked, because the possibility of data loss or leakage is too great. If so, how’s that working for you? Do you block USB ports (thumb drives), web-based email systems (personal email accounts), personal file sharing accounts (Google Drive (personal), Dropbox, Box, OneDrive, Evernote), FTP access, screen capture, and the myriad other ways that data can be freely distributed and completely out of the view of IT and the organization? It’s all possible, but at what cost, to both the business in terms of productivity and IT admin time putting all that blocking and monitoring infrastructure in place?
Be realistic. Admit that this is a battle you are unlikely to win. So work with it, not against it.
Devise a strategy based on accepting the use of these great apps, and realize the benefits they can bring. Devise a plan to onboard, monitor, and control them.
But know that if employees are given the sanctioned apps, they’ll support the use of these apps themselves. Data governance and identity and access management will still be managed by IT, as will any integration through APIs. But users are self-supporting and won’t require much, if any, additional help.
This shouldn’t be a problem, as by definition, shadow IT apps are self-supported.
If the outcome of the onboarding is a definite “no,” and this could be for a variety of reasons, IT should offer an alternative app or process—one that does tick the boxes—or a timeline for when they can offer a solution. And this is where a sensible conversation needs to take place. There will be times when “no” means “no,” but if you explain it the right way, it will discourage any reversion back into the shadows.
Manage your costs
Costs are dealt with in a myriad of ways, depending on the processes within the organization. Some will have highly developed and automated authorization and recharge workflows. Others will need a friendly chat with the IT manager. Either way, everyone wins: The organization will have visibility and control of these new apps, the highly-converged teams can work in the ways they want and need to, and ultimately the clients will benefit from more a productive partner.
Protect your data
Another caveat is that your organization has the requisite identity and governance tools and processes in place. This will be absolutely essential. Cloud apps lend themselves very well to this, though, through some great iDaaS, MDM, EMM, DLP, IPS and other data protection technologies. It will also take some thought, planning, and a lot of cross-organization cooperation to put this in place.
Ignorance is not bliss
However, the alternative is to ignore the problem and hope it goes away—or worse, try and block it and no one wins. The King (Canute, not Elvis) found to his cost that ignoring the problem doesn’t work. You need to put a strategy in place that enables and facilitates these teams without the need for significant additional support resources. Changing the support model and developing an onboarding process will be instrumental in helping you achieve this.
About the Author
Gavin Whatrup (@gwhatrup) started out helping people do innovative things with data. Nearly 30 years later, he’s now helping organizations protect that data, take advantage of cloud-based opportunities, and reimagine the role IT can play in the new age. An early adopter of virtualization and hybrid cloud, Gavin recently managed the migration of his organization to Office 365, across 12 companies and 1,000 users. From small data analysis company, via marketing start-up, media and advertising agencies to marketing communications group, Gavin has tracked the rise and rise of IT as a core corporate function, which at its heart is a people-based service, doing amazing things on a daily basis.