man balancing on tightrope
PHOTO: Mauricio Santanna

When it comes to deciding on a technology stack, enterprise IT decision-makers must strike a fine balance.

On one hand, they must work to accommodate individual employee preferences. On the other, they need to maintain internal continuity and security. 

If they fail to consider the former, they risk jeopardizing employee loyalty. But by overlooking the latter, they make their companies more vulnerable to data breaches and miscommunication.

For enterprise IT leaders, those competing considerations make the process of tech decision making uniquely challenging. How can you give employees a feeling of autonomy over the tech they use without having your corporate network devolve into an unmanaged and unsecure sprawl?

Related Article: Marketers: There's More Than One Way to Skin a Stack

An Age-Old Problem Running Up Against a New One

When business units or individual employees feel that corporate IT policies are too restrictive, they may engage in shadow IT — bypassing the IT department to deploy the technical tools they prefer. There’s no shortage of divisive opinions about shadow IT. You can easily find articles saying how bad it is, how good it is, how much it costs and how much money it saves.

The reality is that shadow IT exists somewhere in a gray area. It’s not a malicious practice; instead, it’s mostly born out of necessity. Faced with inflexible IT policies and inaccessible IT departments, employees choose the tools that will help them succeed in their roles. Whether that practice ends up being beneficial or detrimental at the organizational level depends on a company’s ability to effectively manage shadow IT.

While the potential utility of shadow IT is up for debate, there’s no debating the fact that it can have a negative impact when it’s not properly managed. According to Gartner projections, by 2020 one-third of all successful cyberattacks against enterprises will target shadow IT resources.

In addition to creating security risks, shadow IT can also cause businesswide inefficiencies. If a company’s finance department uses into App A while its sales department uses App B, that lack of synchronization can cause integration headaches.

The prospect of security and organizational consequences leads many enterprise IT decision-makers to crack down on shadow IT, enforcing organizationwide app use guidelines and imposing strict oversight on individual employee tech use. But to line-of-business employees, that approach can seem punitive — and that leads to another problem.

Strict corporate policies about technology use not only lead to the rise of shadow IT; a lack of employee autonomy over technology choices can also fuel staff attrition. According to a 2017 report about broken corporate processes by my company, Nintex, almost nine out of 10 people looking for new jobs said broken processes in their current workplaces were pushing them out the door. And of the broken processes identified in our study, IT processes topped the list.

Related Article: Shadow IT Isn't Going Anywhere, And That's a Good Thing

Striking the Balance: 3 Key Steps

Rising security risks inevitably accompany employee expectations to use whatever apps they want. To address that challenge — and strike a balance by building a digital workplace that supports both employee autonomy and organizational security — enterprise decision-makers should follow these steps as they approach tech stack management:

  1. Take a collaborative approach to sanctioning tools: Historically, employees have seen the IT department as an adversary. Instead of being regarded as a partner that helps business units deploy new productivity-enhancing technologies, IT is more often seen as the Department of No. To counteract that perception — and lay the foundation for a tech stack that supports both security and employee freedom — IT leaders should take a more collaborative approach to sanctioning tools. That means proactively involving all departments in technology decisions. Rather than just declaring what apps will be deployed across an enterprise, IT leaders should work on a department-by-department basis to understand the unique needs of each business unit, take stock of the tools already in use and then make enterprisewide decisions accordingly.
  2. Be open to (constant) change: An organization’s tech stack should never be written in stone. As a business scales, pivots and finds new audiences, its technology will need to adapt accordingly. Therefore, IT leaders should never view their work managing the tech stack as complete. It’s a continuous, collaborative endeavor that requires a truly agile approach.
  3. Know where to focus your energy — and what not to bother monitoring: When it comes to sanctioning technical tools, there are three levels to consider: the enterprise level, the team or departmental level and the individual level. For IT leaders, it’s important to focus primarily on that first category (“Are we a Microsoft organization or a Google organization?”). They should give secondary consideration to the team or departmental level (“Should our salespeople use HubSpot or Marketo?”) and largely disregard individual tech usage. From an IT standpoint, questions about the tools individual employees use in their day-to-day tasks (Does Jamie prefer Slack or Google Chat?) should be inconsequential and are not worth monitoring.

By following those steps, enterprises can lay the groundwork for managing a tech stack that meets employees on their terms while also preserving organizational continuity and security.