Category Archives: Shadow IT

Game of Thrones: Five Takeaways for IT

By Ben Stephenson, Journey to the Cloud

After a long wait, Game of Thrones Season 4 has officially started (no spoilers for the first episode of season 4 – I wouldn’t wish that on my worst enemy).  Amidst the action and excitement, there are some lessons IT can take away from seasons 1-3 of the show. Here are five of them:

The War Lies to the North

After Robert Baratheon dies, there is all out war for rule of the Iron Throne and control of the Seven Kingdoms. Joffrey Lannister usurps power after the passing of the king and executes the Lord of Winterfell, Ned Stark. This sparks Ned’s son Robb to march on King’s Landing to attempt to overthrow Joffrey. Meanwhile Robert Baratheon’s younger brother Renly, his older brother Stannis, and Daenerys Targaryen are also all raising armies to try and defeat Joffrey. By the end of season 3 however, it becomes known that the deadly “White Walkers” are back after thousands of years. Some people realize that the war everyone is fighting right now is insignificant because the real war lies to the north.

The lesson for IT: There is often a good amount of unrest between the IT Department and other business units. Maybe Accounting gets frustrated and places the blame for a systems failure on IT, but IT claims it was the Accounting Department’s fault for not following proper protocols. Maybe there is unrest between Marketing and IT around budget allocation for new tradeshow equipment. The lesson here is that IT needs to partner with the business and work together in order to achieve the overall goals that will determine the success of the company.

Liberate Your Users

Daenerys Targaryen, or Khaleesi, is looking to take back the throne that used to belong to her family. Without an army, she purchases a large number of slave soldiers. Instead of treating them poorly and forcing them to fight for her, she frees them all and says it’s their decision if they would like to stay and fight by her side. She then goes from city to city freeing slaves. The result? An extremely loyal and passionate army.

The lesson for IT: People will respond better if you give them choices as opposed to dictating how everything is going to work. Employees are going to bring their own devices to the workplace whether you allow it or not, so empower them to do so by implementing a BYOD program. Shadow IT is going to happen. Employees are going to bypass IT and use AWS. Provide them with a way to do so while you control costs, security, and governance.

Innovation Is Key

When Stannis Baratheon launches a full scale attack on King’s Landing with a large fleet of ships, things look pretty dim for the Lannister family. Stannis has more man power and weapons and has the advantage of being able to cut off supply lines to the capital. Tywin Lannister, King Joffrey’s uncle, is forced to think outside the box to try and defend his city. He ends up catapulting barrels of deadly wild fire onto the attacking ships, successfully fending off Stannis’ forces. 

The lesson for IT: Continue to innovate and look for creative ways to solve problems. It can be difficult to get to the strategic initiatives when your team is bogged down by day-to-day mundane tasks. IT leaders need to make innovation a top priority in order to keep pace with the needs of the business and the rapidly evolving technology landscape.

The Wall of Security

Security is critical to the survival of any organization. Winterfell and the North always relied on “The Wall” to keep out marauding Wildlings. The Wall is hundreds of feet high, made of sheer ice, and guarded by the Men of the Night’s Watch. Getting a large group of people past The Wall is extremely difficult. However, when an assembly of the Night’s Watch has to abandon their posts to head out beyond the wall, a group of Wildlings is able to scale it and cross to the other side.

The lesson for IT: It’s obviously important to have the proper security measures in place in your organization.  The lesson from the Wall though is that no matter what security you have in place, there are always ways to infiltrate your environment no matter how secure it may appear. This is why you need to proactively monitor and manage your environment.

Choose Your Partners Wisely

As the war with the Lannisters drags on, Robb Stark is in desperate need of more soldiers. Robb strikes a deal with Walder Frey to have one of his uncles marry one of Frey’s daughters to unite the families. Robb chose the wrong partner and things don’t go according to plan (and by not “going according to plan” I mean Robb, his wife, his mother, and his countrymen are brutally murdered during the wedding ceremony…).

The lesson for IT: There are a lot of factors to take into consideration when you’re deciding who to align yourself with. Choosing the right vendor for your organization depends on many factors including the specific project you’re working on, your existing environment, your budget, your goals, your future plans, etc. You don’t want to make a hasty decision on a specific vendor or product without thinking it through very carefully. This is where a company such as GreenPages can act as a trusted advisor to help guide you down the right path.

Any other lessons you can think of?

 

Download this whitepaper to learn how corporate IT can manage its environment as if it is “deployed to the cloud.” So, if and when different parts of the environment are deployed to the cloud, day-to-day management of the environment remains unchanged—regardless of where it is running.

 

 

Shadow IT Management – Which Pill Morpheus?

By Geoff Smith, Sr. Solutions Architect

 

The term “Shadow IT” has gotten more and more people thinking about the challenges we all face as we try to reign in our IT management and operations.  Recently, I caught a few minutes of the movie The Matrix…now, that movie is a bit of a visual trip, but once you get past the effects, the underlying dilemma it presents is intriguing.

It seems to me that if you accept the notion that people will gravitate towards the easiest ways to get their jobs done, than you have to wonder if the tools and procedures you have in place are likely to encourage compliance, or force rebellion.  As in the Matrix movies, what appears to be happening under the surface may actually be something completely different once you have peeled back the false construct you assume is reality.

It has long been known that IT people are an innovative and, well, curious lot.  We will try just about anything once, and if we find something that allows us to “better” manage our environments then we may cross over from the fringe into the shadowy world of the truly obscure in search of the truly arcane.  It’s almost a badge of honor to demonstrate how to solve IT challenges without relying on the industry best practices or accepted solutions.

The real question is, is this really a bad thing?  If you think back to The Matrix, the false construct did have its advantages.  Sure, you were effectively enslaved by machines, but at least they gave you a good fantasy to operate within.  You had juicy steak and cool clothes and the slickest cars (BTW that is a 1965 Lincoln Continental with the “suicide doors” in the movie).  And as far as anyone else in that reality was concerned you were as legitimate as they were.  So what’s wrong with that, especially considering everyone else is in the same boat?

Shadow IT, especially as it applied to IT Management, may have its benefits, but it also carries a lot of risk.  For every off-the-grid tool that performs a function within IT, or for every service you rely on that may not be fully vetted, you may have exposed your organization to potential abuses, both internal and external.  Where do these tools come from?  How reputable an organization was it that developed them?  Does their use create security vulnerabilities?  Do they violate standing policies or put at risk compliance?  And is the information you’re getting reliable?  How critical are they to the underlying functionality of your business systems?  Who on your team really understands their purpose and use?

So if we have accepted the fact that these tools and services exist, and that in all likelihood their use is prevalent in our industry, what do we do about it?  To blunt their use is to shut the door on creative innovation within our teams.  And frankly it’s not that easy to stop. To lower our standards and policies and embrace their use could lead us into situations where our lack of control and enforcement results in bad things happening.

Red pill or blue pill?  Do we accept the risks, and tell ourselves that those bad things are so unlikely to happen that the benefits outweigh the risks (or – hey I might just be the equivalent of a Duracell battery but since I don’t know it I’m happy)?  Or do we drop into a harsh reality where getting things accomplished might be more difficult and frankly less visibly rewarding (or – I’ve traded steak for Tastee Wheat but at least I know what I’m really eating).  What if there were a “purple” pill available?  An alternative to the options of pure fantasy or brutal reality?

There is a purple pill, and it’s not an answer but a question.  That question is why?  Why does my team feel they need to “jack-in” in order to accomplish anything in our environment?  Why can’t they get done what they need to with the approved tools and service already at their disposal?  Why do these policies and restrictions exist in the first place, and are those reasons still legitimate?

It’s about structured enablement and inclusive decision-making.  Gather your teams and work from the inside out.  Start with what they feel needs to be accomplished to meet the organizational needs.  Understand the gaps between how they work and the policies and procedures that are in place today.  Are there areas of consolidation or elimination of steps that can be taken to improve efficiencies and render some of the shadow services useless?

As you re-architect your approaches, also look for ways to improve the working environment for your teams.  Are there tasks they are required to perform that have become so rote and uninteresting that they have fallen into the shadows?  If so, rather than re-populate your teams with these tasks, look to move them into a more tightly controlled environment.  This may be accomplished by automation or even by out-tasking to a provider (under a strictly defined and controlled contract with full auditing and reporting).  And don’t forget that these “basic” functions are the foundation of a well-oiled IT machine.

In all transparency, I have watched The Matrix a number of times, and while my attempt to tie this concept of Shadow IT Management into the movie may have fallen short, I do think it’s not whether you choose the red pill or the blue one, but it’s the fact that you have the ability to make that choice at all.  There is a difference, after all, in knowing the path and walking the path.  Fate, it seems, is not without a sense of irony.