How Victoria's DELWP is tackling shadow IT

Whilst most CIOs consider the ad hoc IT decisions made in business divisions a scourge, Victoria’s Department of Environment Land Water and Planning (DELWP) has revealed its radical method for tackling it is to permit it.

At the CeBIT conference in Sydney yesterday, DELWP CIO Claire Foo said this unusual approach was not only effective but also necessary if progressive organisations were to get the maximum benefit from technology.

Foo said that while the community expected technology to give it easier ways of engaging with government, public sector bodies were struggling to keep up.

“It’s about technology providing the right information at the right time to the right people. It’s about open data to drive economic progress and productivity and it’s even about data to drive insights to influence other policy decisions. And all of this is [to be done] without compromising the privacy of citizens and their information," she said.

"Currently, I would say that in government none of us do this particularly well. I’m happy to stand corrected [on that]."

Foo argued that, like many government IT departments, DELWP was simply too poorly resourced to keep up with the needs of its business line managers.

“We might be able to give a couple of people some iPads or we might be able to develop a couple of apps but that’s not going to be enough," she said.

"We are actually too slow and too cumbersome for our organisation to work with and I know that’s not just the experience of government departments. It’s in IT departments across the board."

The situation had led to a surge in so-called “shadow IT” and technology decisions “going underground” as the organisation’s business units took matters into their own hands in protest. 

Some, Foo said, were purchasing their own devices and using cloud services like Dropbox well outside the strict security frameworks designed to protect government and citizen data.

However, she said fighting shadow IT was a lost cause and that it was better to trust business units to make their own decision within a framework “without allowing a free-for-all” across the department.

“One option I suppose is to lock it all down, go back to that idea of the dark art of IT – everything behind closed doors and no one doing anything without IT being in there. But that won’t happen and we know what happens when we try," Foo said.

"We need to take a leap of faith and assume that those who are close to staff, those who are close to our customers, know what’s best and know what they need to do.

"And we have to assume that our staff want to do things well – that they don’t want to compromise security, they don’t want compromise the privacy of our citizens and they don’t want be in the cover of the Herald Sun and splashed across the country."

As a result, DELWP has developed an operating model that defines risks and responsibilities shared by the department’s dedicated IT division and its various divisions.

“Where a group has responsibility for a business function they also have responsibility for the IT that supports that function. They therefore make decisions based on their needs, their budgets and their resources,” Foo said.

She told iTnews the model was more relevant to services than consumer devices and the so-called “consumerisation of IT” that has begun challenging CIOs in recent years.

It is intended more to accommodate the independent purchase of software delivered as a service than cater to personal preferences for devices among departmental staff.

Foo admitted this approach had led to a degree of service duplication within the department, but argued it also cuts out the need for long and complicated tender processes driven from the upper echelons of the organisation.