At a recent roundtable with about a dozen IT pros and executives, I heard some great stories about the challenges that IT pros face worldwide. They regaled me with stories of how corporations are struggling to mature the tech presence in their organizations.
I heard phrases such as:
- Shadow IT
- Technical debt
- Toxic environment
- Proactive communication
- Process maturity
I couldn’t help but chuckle because I heard these terms in many other sessions this year. In far-flung places from Atlanta to London and Singapore, the tune was the same.
Compromises and Cowboy IT
IT workers and C-level executives all know that to get things done, it’s often necessary to solve problems and make compromises. Sometimes, IT pros and executives skip vital steps during the creation of an IT solution. This practice incurs technical debt, a term I’ve stolen from the developer community. And here’s another problem: Non-technical managers sometimes source IT solutions completely independent of the IT department. This is often called shadow IT.
I use the term cowboy IT to describe the collective practices that lead to a toxic IT environment that results when organizations fail to use their technology strategically. These necessary decisions can, at times, result in a debt that needs to be repaid. And, if you don’t repay that debt, things can become toxic and ugly.
This leads me to an old, but really good joke that I heard in a CIO roundtable in Manhattan:
Question: What happens when you play a country song backwards?
Answer: You get your dog back, your job back, your car back, your home back ...
Well, cowboy IT works that way: If you don’t pay back technical debt, you end up with problems.
From a security perspective, if you don’t pay back the debt incurred when you use unmonitored, unpatched software, that debt could manifest itself in the form of ransomware that effectively repossesses your company. Or it could be that you end up paying for cowboy IT practices in the form of fines: GDPR and HIPAA penalties are real. Even if you don’t get hacked, you’ll still end up with an environment that leads to employee burnout and churn. When you accept a risk but never redress it, you’re going to end up with problems.
Root Causes and Solutions
I’m a root-cause kind of person. So, at CompTIA we’re leaning into the topic of cowboy IT. We’ve conducted extensive research and talked with practitioners and execs alike about how we can collectively do a bit better.
I discussed the subject further—and shared our findings—in a keynote at SpiceWorld in Austin, Tex. I’ve been told that SpiceWorld is like ComicCon for IT pros. If you didn’t catch me at SpiceWorld, there’s plenty to learn about preventing a toxic IT environment.