IT at the crossroads: Lead or fade away

Forrester Research recently sent a warning all IT leaders should heed: It strongly advised businesses to remove IT from leadership in tablet efforts because IT isn’t suited for discovering business value. “IT dominates the tablet decision process, and it shouldn’t. … Business-driven tablet programs will uncover transformative opportunities,” wrote analysts Ted Schadler and Simon Yates. I know them both, and they are among the top thinkers in this space.

The IT community is facing an existential decision about technology in general, not just tablets: Should it retreat into the data center whence it came, or can it evolve into a broader strategic role advising and enabling better business through its technology acumen? In other words, does IT become the facilities group for infrastructure technology, making sure the lights are running and the HVAC is working, or an internal strategic consultant more like (the model) HR, legal, and finance departments?

[ Consumerization is about way more than iPhones and cloud apps. Galen Gruman traces the fundamental forces shaping the new technology reality in business. | Subscribe to InfoWorld’s Consumerization of IT newsletter today. ]

It appears that some in IT prefer retreating into the data center, safely surrounded by their servers and away from those “end-users” so distant from the core systems IT manages. But I’ve also met many CIOs and IT leaders who want to make the leap out of the 1960s-era data center mentality into the 21st-century technology-enablement business. The IT community is wrestling with a sea change in its role as technology has become democratized — the promise of “digitizing” business that IT made in the 1990s is now coming true.

The uncomfortable reality in business today However, even those who aspire to a strategic role may find the window closing, as businesses tire of waiting for IT to act strategically and take on technology leadership themselves. That’s the dark side (for IT) of the consumerization phenomenon, where employees assert their choices on how they do their work and the tools they use, at least in so-called front office activities like sales, marketing, customer support, planning, and R&D.

The consumerization notion, popularized and formalized with the rise of the BYOD movement two years ago, is an uncomfortable one for many IT pros, as it challenges their supremacy on matters relating to technology. Such defensiveness comes from insecurity — confident IT would be happy to open the gates because it would know its role and its value are secure.

But self-confidence is not easy for many in IT. After all, IT has been beaten up a lot in the last 20 years, even as it has also been celebrated. IT brought us e-commerce, email, and Web access, but also disruptive ERP deployments, confusing HR and other corporate apps, periodic email outages, and lots and lots of red tape. IT initially resisted PCs, the Internet, email and messaging, social media, cloud services, mobile devices, and all the other on-the-desk technologies we now take for granted, then tried to build a prison around them that employees had to enter to use them — users haven’t forgotten or forgiven that.

At the same time, a wave of compliance requirements imposed by the government after waves of corporate crimes and mistakes that cost taxpayers hundreds of billions of dollars — the Enron energy manipulations, the near-constant stream data breaches of personal information, the housing-market derivatives manipulations that tanked the world economy, the systematic misuse of insurance systems to deprive people of health care, and this year’s LIBOR revelations, to name a few — has largely been approached by businesses as an IT problem, handled through technology systems. That’s put IT increasingly in a policing position around the information that has been abused or manipulated — and, worse, as a narc who is allegedly wasting company time by playing Angry Birds or shopping online.

IT did get a real take-down after first the dot-com crash and during the recent recession, both after enjoying immodest rewards first in the post-Y2K era, then in the post-9/11 era. But IT is again growing, with low unemployment rates, even with the jobs lost to offshoring.

Users, meanwhile, are not doing as well. They too were hammered during the downturns, but haven’t reaped such rich rewards (unless they’re senior executives). For many, IT is the group that automated away their colleagues’ jobs. Employees in general are suffering from a deeper malaise that makes them both jealous of techies’ success and less tolerant of being controlled. Per a 2010 Conference Board report, “47 percent of people employees are satisfied by their work, a percentage that has plummeted over the years [from 61 percent in 1987],” says management consultant, author of the forthcoming book “Rebooting Work,” and former eBay COO Maynard Webb. “People are less and less willing to cede control to their companies. They also expect choices.”

It’s a toxic stew, even in healthy corporate cultures.

Choosing to be strategic Twice a year for the last seven years, I’ve had the pleasure of being a panel moderator at the Telwares CIO Global Forum, an invitation-only, off-the-record, stimulating gathering of several dozen forward-thinking CIOs drawn from a wide range of industries. Through that and other forums, I’ve seen the change in thinking about the IT role.

Five years ago, getting a seat at the executive table was the goal. Two years ago, the concern was dealing with assertive users demanding iPhones, Macs, and other nonstandard technologies, while handling the uncertainties brought by the use of social media; employees not only had new channels to speak out, but could do so to the entire world. Most recent, the concern has been about being relevant to the business — an existential concern.

Their journey is the one that most IT organizations are taking, though I suspect most are where the Global Forum CIOs were two years ago. From these thinkers and others, I see IT needing to make a stark choice about its role — a choice that will be made for it if IT decides to say the current course.

One option is to let go of technology in the front office: the hardware and software technologies users access directly. Gartner analyst Laura McClellan, for example, recently predicted that by 2017, marketing will have a larger tech budget on average than the CIO does.

This choice leads IT back to its data center roots, as a skilled tactical department: managing the network, running the big back-end software such as ERP and transaction systems, and providing (likely through outsourcing) general-purpose technologies such as Exchange, Active Directory, technical support, single sign-on, and perhaps core databases. Smart IT organizations would provide APIs and an architectural framework for integration of front-office technologies.

The other option is to let go of the policing activities, manage the core back office through a subsidiary group (much like a strategic HR director manages payroll but does not let that define her core value), and redefine the bulk of IT as internal technology consulting. I believe this is the best choice for most companies — both for IT and the business departments. Here’s how it could unfold:

The CIO should stop managing security, compliance, and governance for the company. Security, compliance, and governance — all of which really mean risk management — are the whole company’s business, not a technology problem. They should be a horizontal function like HR or legal, addressing physical, information, financial, and strategic security concerns in a unified way based on assessing the risks likely to matter and the costs of reducing them. Today, security is (ineffectively) treated as a disease best cured by throwing technology straitjackets around people and processes at almost any cost, not in a thoughtful, considered, holistic manner that it should. Compliance and governance are often treated the same way.

Security, compliance, and governance have become a technology game that IT can only lose — and that the business has happily ceded, so they’re no longer a business problem. But like productivity, they are a business problem and should be owned by the business as a whole. Even if a CIO was willing to give them up, he or she likely won’t find anyone who wants to pick up that set of radioactive matter.

But there’s hope. As technology has democratized, users and business units want control over the technologies they work with. Let them have it — along with the security, compliance, and governance ownership. That has to be the trade-off: If you in the business departments want to be treated like adults, act like one. Only then will we in IT stop treating you like a toddler crawling along a cliff. (Yes, you can call us when the car breaks down or you get lost.)

Obviously, a CIO needs to support security, compliance, and governance needs — determined by others — where technology can help, especially around the core assets that will likely reside in the data center. For example, IT should help implement policies on data access, auditing, and manipulation based on the risk profiles and, thus, permissions the company (not iT) decides it needs — this basic policy-based management should be in place anyhow.

But supporting security, compliance, and governance doesn’t mean taking responsibility for them, any more than an accounting department takes responsibility for the spend decisions of a business manager. Accounting audits spending, looking for exceptions to legal requirements and corporate policy; IT’s role for security, compliance, and governance should be the same in those areas where technology has a role. But no more.

Getting IT out of the police game will go a long way to moving IT out of the “no” modality.

IT analysts should be embedded throughout the organization. IT is one of the very few departments that sees how the entire company operates. It has an unparalleled view into business processes and information types, given that most of these are now digital in nature in most companies. That insight is the basis for where IT can make a big, positive difference: strategic consultant.

Rather than worry about whether a user has an iPad or a Windows laptop (or who owns it); about whether a person uses Quickoffice, Pages, or Word; or about whether a person accesses Dropbox, Google Docs, or SharePoint, IT should be worrying about how a user can get the best business results from the technology services, apps, and tools available.

Analyze the business workflows and processes. Look at the technologies in use and available. Make recommendations. Test out possible options through pilot projects. Educate, train, and reassess users on their use of technology to get better results. Help solve problems that matter. Be a real guru, an ally, an enabler. People will fight to get your attention, not look for ways to work around your rules.

Your in-the-field analysts, support desk, CTO (or whatever you call your technology exploration leader), and process experts should compare notes and see where acting together they can do more than better individual employees and departments — to identify what can be brought to the company more broadly in addition to what is being done at the individual level. Having individual gurus is nice, but having a team that sees the larger picture and can coordinate the individual gurus for greater effect is even nicer.

Of course, you can’t do any of this if you can’t handle the basic mechanics of email, networking, and so on. But there’s no excuse in 2012 for bad execution of the basics. Any IT organization still failing in those areas needs to be fired and replaced. If IT is still a mess, blow it up — as you would a sales team that doesn’t sell or a product development team that can’t create products people want.

I suspect — or at least hope — that most larger organizations are well beyond the “keep the lights running” stage of IT. For them, there is a choice to be made in a technologically democratized workplace: Retreat to the data center or become a true part of the business. Getting there won’t be easy, even in companies where both the IT and business leadership have a clue. But if you don’t go there, you’ll at best be an engineer locked in the engine room — an outsourceable engine room. Wouldn’t you rather have the run of the ship?

This article, “IT at the crossroads: Lead or fade away,” was originally published at InfoWorld.com. Read more of Galen Gruman’s Smart User blog at InfoWorld.com. For the latest business technology news, follow InfoWorld.com on Twitter.