80% of the IT Budget is Invisible
With the passage of time, a number of estimates and surveys are converging on a rather alarming reality: the majority of IT spending in modern organizations is invisible to CIOs and IT managers tasked with managing and supporting technological devices and solutions. In fact, as much as 80% may be invisible.
On its own, this lack of visibility represents a loss of control of a key resource input; it is not trivial. However, the true scale of the problem only becomes apparent when one considers the literal trillion-dollar value of global IT spend. According to Gartner, businesses worldwide will spend in excess of 3.7 trillion dollars in 2015 alone, and each subsequent year will see further growth. In other words, should the above-mentioned 80% estimate hold true, nearly 3 trillion in IT spend is disbursed with little to no oversight, and, more significantly, without defined cause-effect relationships with organizational outcomes.
Importantly, there is very good reason to believe the projected loss of IT budget control is a good approximation of reality. In particular, surveys of shadow IT usage clearly highlight how application and device use can escape company scrutiny. For the uninitiated, I define shadow IT as the use of unauthorized devices and applications for work purposes. In recent years, unauthorized Dropbox use has become a prime example of IT losing control of employee technology use. Fully 20% of employees across a wide swath of industries use personal, rather than corporate, Dropbox accounts as part of their workflow; more than half of these employees do so in knowing contravention of company policies forbidding the practice. When the total rogue deployment of applications is considered, Symantec found that up to 83% of large enterprises have seen their sensitive/proprietary data being placed in unauthorized applications or cloud storage. This is not benign – this state of affairs opens up a host of liabilities for companies in addition to lost proprietary (and competitive) information.
The lack of visibility extends far beyond virtual assets; the widespread bring-your-own-device (BYOD) trend is another source of asset invisibility for IT managers as well. In this trend, employees bring in their smartphones, tablets, PC/Mac laptops, and even full desktops into the workplace for professional purposes – all without obtaining prior approval. The immediate problem in BYOD is security risk; after all, the IT department cannot secure unidentified items. Beyond security issues, the added logistical problem of IT staff having to support and secure technology for which they have no documentation (and, in some cases, no expertise) is huge. It is a strain on the budget for which there can be no real planning as there is no control over employees’ personal choices. The larger difficulty is that organizations have been found to be legally responsible for at least a portion of the operating cost of BYOD implements in California already. With this legal precedent set, businesses in other jurisdictions may soon find themselves forced to literally pay for other people’s decisions.
The entirety of shadow IT effectively scatters IT budgets, and arises from perceived simplicity on the part of the end user. Employees use unauthorized technology out of personal preference or the desire to avoid long process/approval times through the IT department. Both instances speak to disconnection between IT and other departments. More crucially, this represents huge potential (and likely) resource waste – there is a strong probability that duplication of services happens.
Although there is little to be done regarding employee personal tastes, much can be done regarding the IT management process. In fact, I argue that a full reframing is necessary. Others have highlighted the importance of creating more people-centric policies to reduce the problem. While this is a step in the right direction, it only forms half the foundation of the solution – there must also be a method that empowers employees to actively contribute to IT management as well.
The answer to all this lies in adopting a framework that my colleagues and I have termed the “Enterprise Digital Footprint (EDF).”
The Enterprise Digital Footprint (EDF)
The EDF is a framework in which all technological devices and services are considered and managed in a single system. The reason why this is possible stems from the nature of modern technology. Note that every technological device and service can be associated with three pieces of information: data about itself (i.e., “asset data”), data about its usage, and data about the costs it bears/incurs.
Considering these three pieces of data together for all IT assets in a firm is what yields an EDF. This is the sum total of all the digital data in an enterprise. In turn, this allows a single classification scheme of virtual and non-virtual devices and services that can be matched against every user level, from the individual end user through the company as a whole. It becomes far simpler to conduct department-wide and company-wide analyses and data collection by having such a data gestalt (See Figure 1 for an illustration).
This is a large contrast to how IT assets and services are currently managed in most enterprises: multiple distinct management systems. For example, an individual company can elect to manage their mobile devices with a mobile device management (MDM) solution that is separate from their ITSM solution, which manages its IT services only. Doubtless, there will be gaps in management in this approach.
Adopting the EDF as a management framework will plug these gaps, and yield five distinct elements:
- Employee digital fingerprint: the total historical data logged by each and every employee’s use of technology for work purposes. It includes usage data on how staff uses their mobile devices, applications, emails, calendar usage, and so on. Given the ubiquity of smartphones and tablets, employee digital fingerprints can now extend beyond the standard workday – in fact, I would argue that most modern employees leave data trails 24 hours every day
- Integrated ecosystem: the network of all data sources and direct (virtual) links among enterprise devices and services provided by suppliers, vendors, and partners
- Asset transparency: visibility of an asset (device or service) in terms of its identifying information, employee assignment, usage data, costs incurred, and other financially-relevant information
- Self-service (alternatively “social IT”): this is the empowerment of all employees to become much more autonomous with respect to both getting and giving IT support. Employees are given the software tools to do a range of more mundane tasks such as device/service validation, reassignment, and retirement, among others. They would also be empowered to do simple procurement requests within pre-approved funding levels
- Actionable data analytics: finally, the EDF at its core is a massive data repository. Functionally, this information can be applied to a variety of models and analyses – all of which can be used to encourage better business decisions
The benefit of the first three elements to enterprises is relatively self-explanatory: greater visibility of assets, thereby allowing better management. In fact, these three elements represent a strong beginning to solving the problem of low IT budget visibility. However, the latter two elements, self-service and actionable data analytics, provide considerably more benefits than transparency.
Benefits Beyond Simple Added Visibility
At the simplest level, self-service audit greatly frees up the IT department from having to fulfill low level IT tasks (i.e., they can take actions themselves on low-level tasks such as password resets without the IT department becoming involved). Additionally, the process of empowering employees also allows the employees themselves to become nodes in a network of information and support for other non-IT personnel. For example, an employee equipped with self-service IT tools could autonomously return a device that is perfectly serviceable but no longer suitable to his job function. In this way, the device becomes available for reassignment elsewhere in the organization. Without the self-service enabled by the EDF, the device would have languished unused and the firm would have wasted funds purchasing the same type of device for other employees. Overall, self-service audit is a faster path for organizations to re-use, recycle, and repurpose their IT assets and services – all of which directly benefits their bottom line (See Figure 2).
Most importantly, self-service IT is also the means through which employees can directly contribute asset visibility to the firm for planning purposes. On an annual (or other interval, as defined by the firm) basis, employees themselves perform the validation and audit of all the services and devices they use. This is a more immediate monitoring system that bolsters the detail of the EDF.
In fact, self-service audit contributes a great deal of information to actionable data analytics. Such audits reflect usage (and changes) that can be put to immediate use in deciding organization-level actions. This is a key improvement. A crucial factor to good management lies in making complex decisions amidst swaths of unknown variables; reducing the variability can only improve long-term management actions. Trends can be discerned, comparisons of company performance can be more precisely made against that of outside companies and forecasts on a variety of factors become more accurate.
Thorough adoption of the EDF as a framework promotes self-service audit. As such, it is an efficient, effective, and elegant method of removing the systemic veil that currently hides IT spend and obstructs proper budgeting. It also greatly improves the volume of business intelligence. As technological advances continue to outpace IT spending growth, the simplifying power of the EDF as a management framework becomes a prime contributor to great leadership, both in-company and beyond.