Okay, now I'm just laughing out loud. My org has an internal/external reputation for not exactly being fast moving and having convoluted IT processes, yet we can onboard people within a few days.
If it takes you 2-3 weeks to onboard ANYONE please realize that your IT processes are complete, unmitigated garbage. Paying Microsoft for some Windows VMs through the nose isn't going to change anything about that.
This is true but I've seen orgs in the past where a business unit would happily pay quite a lot of money to avoid going anywhere near central IT.
I think the most extreme example of slow process I saw was an organization where central IT wanted to charge $20k and take two months to quote for a project.
In that kind of environment things like this with opex pricing that can be assigned to a project's budget and fast spin up are a much better option :)
I've seen this arise from financial policies whereby the IT cost centre must be financially self supporting.
Hence IT department has to charge everything it does, swamping everyone involved - business and IT both - in bullshit paperwork, taking time from everyone. Like a finance version of fighting entropy, you can have everything perfectly neatly ordered but it takes effort.
Then someone in IT gets sick of hearing bullshit hopes and dreams ideas from business;
"Ok, but what if cereal box toys were spruced up with crypto? Go cost it up will ya?"
And so IT swings the financial ban hammer with $20000 quotes. Bullshit begets bullshit.
There will be a "who you know" club of people from business and IT who can skip the bullshit, not fill out the financial paperwork, meet over coffee or lunch and hash out ideas. If this club does not exist, woe betide the company.
I worked at one place where the running joke was if central IT pushed for a solution, it was time to seriously consider the competitors to that solution.
At my current company, my department would be able to find more experienced contractors for well below what another department here rents them out for.
So I can see internal pricing being an issue as well. Internal IT charges for quotes. MSFT just quotes.
This happened at a prior company as well. IBM was routinely hired over our internal team as they were cheaper.
I'm a security person. I often work with my customers' central IT. I'm not going to have an opinion or judge you, but consider:
You're giving people nightmares. I've seen it go very wrong (front-page news wrong). And then the threads commenting on "how incompetent can they be, blabla". I've worked with the people stressed, sad and disappointed that they got pwned because of shadow IT. It's a ticking time bomb.
The cloud won't save you from shadow IT's insecurities. In two years, when you switch to another SaaS provider, or the domain changes, and the enterprise app is left in your Azure subscription, and the baddies notice... Then you'll call me or someone like me, and I can earn my paycheck :)
A properly functioning IT department will say using the SaaS is fine as long as they conduct a security review of it and how it'll be used and integrated. (For example, if it's Dropbox and one of the proposed directories to be synced contains trade secrets, that's something they'll want to know about and deal with or prevent ahead of time.)
I've also seen shadow IT be the only part of the IT operation which is safe because it was run by people with security expertise, the cloud provider has a stronger security foundation than on-premise (not uncommon), and central IT's security group was primarily a compliance shop which had lots of Word documents and not much in the way of technical skills.
The way I read shadow IT is as the requirements analysis central IT hasn't done. People aren't taking on all of that extra expense because they want two jobs, they're doing it because central IT is making it hard to do their jobs. When security policies conflict with productivity, it has a direct cost from inefficiency but often a greater one by training people to think of central IT as an obstacle to be bypassed rather than an ally. That inevitably causes other problems and takes a considerable amount of work to improve.
> You're giving people nightmares. I've seen it go very wrong (front-page news wrong). And then the threads commenting on "how incompetent can they be, blabla". I've worked with the people stressed, sad and disappointed that they got pwned because of shadow IT. It's a ticking time bomb.
Who cares about front-page news wrong lol. Equifax was front-page news wrong, and there were 0 actual consequences for people in it.
I've been in security in various roles for a while now and what I've found is, in companies where IT is treated as a cost centre and Security say no to stuff, Shadow IT will always be rampant.
If you put someone in business into the position of choosing between getting their job done/making money and adhering to a set of IT/Security rules, I can tell you which one they'll take :)
How do you avoid this? Well it's not easy and it's not cheap. The most important part is ensuring that IT isn't treated like an expense, but an enabler. Then you work with your business teams to make sure they have the services they need to get the job done, as safely as possible.
Security teams shouldn't be blockers, but advisors. For this to work, it needs to be acknowledged that the business leaders own the risks ofc.
That's massively easier to write than do, but from what I've seen of various companies, it's pretty much the only way to have a chance of doing things without huge amounts of shadow IT.
I'm too junior to make decisions, but a lot of it basically came down to the organizations I have worked with all either being government or running things on quarters.
In the former case there was high turnover (replace the team in 1.5 years) and in the latter cases there was high turnover coupled with a problem more than a month away not being considered a problem. So in the former knowledge poured out the door and in the latter knowledge poured out the door and nobody had an interest in anything beyond the quarter, so you do what gets you to the next review cycle.
Basically in both cases the bomb does not matter as you either probably won't be there when it goes off or it doesn't matter as you miss your quarterly goal instead.
You definitely bill. You'd go out of business otherwise. 30%-80% of consulting is dead time waiting for the client to get their shit together. Time you get a good intuition for including in your Scope of Work from the beginning.
It can make it a little awkward when you finally work for a client who knows what they're doing and you do "8 weeks" of work in 5 days, but that's rare.
Not really any different than when you're an FTE and you're dependent on external factors to get your work done.
Yes it does, because then you don't need to deal with IT but can just deal with accounting and your budget.
At a former workplace, we got our own internet connection to not have to deal with IT. We got our own computers for that connection. We hired outside contractors instead of using internal people because IT was a hassle to deal with.
We spent tons and tons of money to only have to deal with accounting and not coordinate with IT.
Yeah - the reality is that actually getting good IT is not so simple these days. The setups are complicated - you are doing WFH, so you have network, login (domain vs local), federated AD etc etc.
Now if they can simplify this a bit into the cloud, the key for business is to DOWNSKILL this so basically an office manager can do it, then you are golden. If they can even save ONE IT salary - amazing. And if users can self service a bit more - also amazing.
> At a former workplace, we got our own internet connection to not have to deal with IT. We got our own computers for that connection. We hired outside contractors instead of using internal people because IT was a hassle to deal with.
You built a better IT. Shouldn't they replace your existing legacy IT dept?
I've got a friend who got a contracting position at the US Dept of Veterans Affairs and he said they hadn't given him the right access after 2+ months into a 6-month contract.
> If it takes you 2-3 weeks to onboard ANYONE please realize that your IT processes are complete, unmitigated garbage.
I want to redirect this to a certain authority in The Netherlands, but I might get shot. It takes more than a month to onboard and even then, you still need to do something extra to get certain rights.
You have tens of thousands of profitable companies with such "unmitigated garbage" IT processes. Since they continue to remain profitable despite disaster-IT, they exist and hence will buy stuff like this.