The futility of ‘Red-Flag’ IT Policies

I come across many organisations that do not have robust policies around file sharing which inadvertently perpetuates the challenges around ‘shadow IT’.

Many organisations have gone down the prohibition route by simply ‘banning’ attachments in emails or imposing impractical ‘red flag’ rules; so-called from the laws enacted by the United Kingdom and the United States in the late 19th century, requiring drivers of early automobiles to have a pedestrian walking in front waving a red flag to warn bystanders of the vehicle's approach.

All the National Geographic documentaries we’ve watched over the years tell us how innovative us homo sapiens are.  When confronted by a problem; like ‘red-flag’ IT policies; as with the early automobile enthusiast; we are pretty good at figuring out a way around it. 

Again, the Challenge for the IT Change Leader is creating an information infrastructure that is sufficiently agile to keep pace with the demands of a 21st century organisation.  And that is not just outsourcing to the cloud.  I would describe this information infrastructure as comprising all the technical, data, policy, and organisational elements necessary for users to discover and access the information they need to successfully fulfil their requirements. 

The root cause of Shadow-IT then is two-fold.  1) On the one side, IT Managers and/or IT Architecture unable to meet the demands of the business and 2) folk at the coalface who are deft at finding a way to solve the current problem.

If someone is doing something outside of policy.  Why?  Are they ignorant of current capability?  Do they have a business requirement not being met by current capability or policy?  Do we impose the equivalent of the red-flag in front of the emerging technology?  Or will we embrace it?  The truth is, the information architecture demanded, and indeed possible today, can deliver what every IT Change Leader craves; an unlimited capacity to respond to continuous change.