<img src="https://secure.leadforensics.com/51024.png" style="display:none;">

Overcoming Shadow IT With Deployment-as-a-Service

In 1876, a plant new to the United States called Kudzu, was introduced at the Japanese Pavillion at the Centennial Exposition in Philadelphia. Due to its fast growth, the Soil Conservation Service encouraged farmers to plant Kudzu as a ground cover to prevent soil erosion during the Great Depression.

Since then it has spread like wild fire across the South and now in Canada, Australia and New Zealand. Kudzu has an enormous ecological impact: it is quickly overgrowing native plants and trees, literally suffocating them by shading them. The invasive plant also upsets the delicate balance of nature by reducing the soil carbon stocks by changing the leaf composition — which possibly contributes to climate change!

Overcoming Shadow IT With Deployment-as-a-Service.png

Shadow IT Creates Kudzu-Like Problems For Enterprise IT

While the impact of one little plant on our entire planet might be interesting, you are probably wondering why I am telling you this. Well, modern enterprise IT faces similar problems. Traditionally, IT was the central hub for requesting, purchasing, and maintaining applications and devices. Ideally, IT would check if the new app meets corporate standards and complies with security policies and government regulations before receiving approval. Then it would go through a standard packaging and testing cycle, and be deployed to the end device.

This process is time-consuming, resource-hungry, and frustrating for both parties involved, especially if the business wants their new application right now. It is just one example of why business units often grow tired of waiting on IT, citing a lack of agility and response to their needs (and boy can they be needy!). In the past five to ten years (especially with the adoption of cloud-based solutions), business leaders have often bypassed IT in their technology decision and purchasing process — creating a so-called Shadow IT. Gartner estimates that in 2017 "38% of technology purchases will be managed, defined and controlled by business leaders." 

Whilst this approach is far more agile, if not managed correctly through proper controls, this activity can result in Kudzu-like problems. Application sprawl means multiple touch points for vendors who delight at the lack of a centralised procurement contract, lots of application versions begin to establish, functionally similar applications spread, and no one is really managing them — making it impossible for IT to keep the entire organization secure, properly licensed and compliant with government regulations, corporate policies and standards. Basically, the organization is rapidly overgrown by unapproved, unmanaged, out-of-control applications (also known as application sprawl) that somehow need to be reigned in again. Of course, the knock-on effect to migration projects is huge, with our already stressed project managers often tasked with bringing this environment back under control.

But it is unrealistic to expect we will ever go back more traditionally managed IT again. Business units have gotten used to their freedom and are not willing to solely rely on IT anymore! So what are we to do? The only thing we can do: Make lemonade out of lemons!

Making The Best Of Shadow IT: Deployment-as-a-Service

Over the past year, we have written a lot about Evergreen IT or IT in "Business-as-Usual" mode: why it should be part of your long-term IT strategy, what you need to do to achieve Evergreen IT, how to use Office 365 and Windows 10 as stepping stones, and even about the budget dilemma that Evergreen IT creates for most IT organizations. 

But most of these articles were talking about the theoretical concept rather than a practical application. Today, I want to introduce you to the concept of "Deployment-as-a-Service" as a more agile way to deal with the increasing application complexity and ability to fulfill the requirements of business units much faster. We will break this out in three use cases: OS-as-a-Service, Hardware-as-a-Service, and Applications-as-a-Service. 

Deployment-as-a-Service can be defined as proactive and centrally managed IT services that business units can subscribe to. That means, IT won't be throwing software packages over the wall and keeping their fingers crossed that business will actually make use of them rather than try to find another solution elsewhere.

In other words, IT becomes the central hub that, with the help of a central IT command and control center, maintains all apps according to all relevant standards, policies, and regulations as part of the evergreen IT framework. In addition, IT will also track application usage, licensing and other app-related data and, should it become necessary, remove and re-certify applications on a periodic basis.  Think of IT as the information owner and governance standards and process control.

Business units, on the other hand, can control their own scheduling, email communication, and other deployment tasks. This has the benefit that business units can decide who receives what, where and when, rather than IT deciding what they think business units want and what they are going to get. 

In practice, you would use an IT Transformation Management solution, such as Juriba's Dashworks, to create the central information and process hub telling everyone what needs to be upgraded, how ready it is for upgrade, and when the upgrade should occur. Since the tool would hook directly into Microsoft's System Center Configuration Manager (SCCM), it can push all the changes directly through the system. If there are any changes in the live environment, IT can inform the business unit who can then go back to IT and ask them to certify applications according to corporate standards. Once they have the green light, the business units can implement them. Sample questions you should consider asking are:

  • What regulations, policies and standards do we need to define as part of the project framework to deliver services?
  • How will we manage, track and, if needed, push services?
  • How will we manage a central app certification, packaging, and testing process?

Now, let's take a closer look at exactly what it will look like when you subscribe to a service that will upgrade your Operating System, your hardware and your application portfolio:

Operating System-as-a-Service for Windows 10 Branching

Unless you have been living under a rock for the past two years, you know that Windows 10 updates are being delivered in an "as-a-Service" capacity in the form of twice a year feature and monthly quality updates. Therefore, Windows 10 brings organizations into a perpetual OS upgrade cycle and IT departments will need to become more agile and proactive to ensure continuing security and application compliance.

Building on the Deployment-as-a-Service concept described above, IT organizations would create a Branch or Servicing Management strategy leveraging the Windows 10 Deployment Ring concept and set up a general project framework within the IT Transformation Management tool that adheres to all relevant standards, policies and regulations — answering the following questions:

  • Which hardware is compatible with the latest version?
  • Which applications are compatible with the latest version?
  • How are you going to deploy the update (big bang, migration waves, by department, by location, other methodology)?
  • How will you manage different gold image(s)?
  • What business testing do you plan to have in place and how will you track status?
  • What communication do you plan with your end users and when?
  • How will you track overall readiness status and deployment against the fixed end of life deadline date?

Application Delivery-as-a-Service

Similar to the OS-as-a-Service, Application Delivery-as-a-Service can be defined as the proactive management of your application estate which will become a necessity to support as-a-service methodologies. Instead of allowing a wild forest of not-standardized, unmanaged, and unsecured applications, IT can set up an application store including a subscription service to maintain and update it for its business units. To achieve that, you should ask yourself:

  • Which applications are end-of-life/a security risk?
  • Which applications are kept under maintenance, and which are in twlight phase?
  • Which applications will work on the next Windows branch release?
  • Are we over/under-licensed based on application usage information?
  • Have we got a budget to keep applications in-warranty cycle?
  • How will we manage applications as a service to our business?


Last, but not least, let's talk about hardware. In the past, we have talked about hardware refreshes that are being managed in Business-as-Usual mode without a dedicated project, budget or resources. While it is more sustainable and cost-effective to manage devices according to their natural lifespan, the process has to be managed properly.

A proactive, Evergreen Device-as-a-Service can do that for you by keeping a close eye on your hardware estate and alerting you if an update or refresh is needed. Particularly in relation to Windows 10 servicing, certain hardware drivers need upgrading alongside a new version, and some hardware simply won't work any more. Some of the crucial questions to ask are:

  • Which hardware is end-of-life/a security risk?
  • Which hardware will work on the next Windows branch release?
  • Do we know where our hardware is and who owns it?
  • Have we got a budget to keep hardware in-warranty cycle?
  • How will we manage hardware as a service to our business?


No matter if you start by implementing your Deployment-as-a-Service by tackling your Operating System, applications, or hardware first, it is crucial to engage with your key stakeholders early on and get buy-in, not only from executive management, but also from the business units. Explain the benefits and how business units will be able to self-service IT services from now on — making them less reliant on your team all while putting them in control. Executive management will be excited to hear about becoming more compliant and agile — helping them drive their Digital Business Transformation agenda. 

In addition to the benefits, it is crucial to the success of your new modus operandum that you have the right tooling and processes in place that allow you to offer self-service and automated email communication capabilities to your business users as well as dashboarding and approval workflows to your management. But most importantly of all, you need that central hub, that command and control center that holds it all together. 

Sound interesting? Click below to schedule a demo with our team today and we will show you how Dashworks can make Deployment-as-a-Service happen in your organization!

Click here to request a Juriba demo