Putting Guard Rails Around ShadowIT: Reference Architecture-as-Code


Central IT groups and CIO’s have always been accountable for the governance of their software portfolios.  Historically this has been through top down approaches.  For certain aspects of the business, such as accounting, real time computing, manufacturing, etc, such heavy handed governance is critical to prevent the loss of life, money or physical goods.  These approaches become far less effective, however, as software development moves away from these mission critical use cases.  The result is frustrated line-of-business’ adopting tactical, “Shadow IT” solutions that let them get to market more quickly without having to navigate often bureaucratic Central IT groups.  

The alternative is for Central IT to deliver offerings that are more attractive than Shadow IT solutions, without compromising their ability to protect the organizational interests with their governance. API’s, Application Networks, Service Meshes, Low Code Frameworks and DevOps provide the foundation to support both modes of IT delivery.  This provides a foundation for federated teams to develop business functionality, through API’s and applications, independently of Central IT (and each other) using the tools Central IT provides (and manages).  Central IT, if this model is successful, essentially appears and operates as an internal private cloud operator (ala AWS, GCE and Azure), layered with Software as a Service (SaaS) solutions specific to their business needs.  

In this “ShadowIT Sprawl” world, Central IT’s accountability, however, has not gone away.  The following are still very much concerns:

Reference Architecture as Code (RaaC)
Reference Architecture as Code (RaaC) - Addressing the Challenges of ShadowIT

And, as Central IT is tasked with securing and governing the issues above, the realities of the speed of business still require Central IT to support foundational differentiators for the business:

  • Fast(er/est) time to market for software products
  • Asset/API Re-Use to Minimize Complexity / Maximize Velocity
  • Ensure Developer Efficiency

Addressing the Gap

Omni3 Partners, LLC (in conjunction with its subsidiary HyperCurrent LTD) has created a methodology, coupled with a software solution, to help the CIO and Central IT groups attack these challenges.  This approach, which we call Reference-Architecture-as-Code (RaaC), allows Central IT groups to simultaneously enforce multiple federation models while maintaining governance over their IT portfolios.  It begins with an Enterprise Maturity (EM) Assessment to ensure that as we move along the spectrum of RaaC, O3P and our clients measure progress and success every step of the way, always focused on the outcomes of Maximizing Velocity while Minimizing Risk.

Maximizing Velocity while Minimizing Risk
Maximizing Velocity while Minimizing Risk

Our clients’ journey and continued evolution is governed by the customized and specific RaaC that we assemble with the client’s team.  The RaaC provides the guard rails for all the stakeholders to manage their evolution during and after O3P’s engagement with boots on the ground.  At a high level, a typical RaaC consists of the following:

Reference Architecture as Code Features

RaaC Outcomes - In Simple Terms

Maximizing velocity while minimizing risk is obviously something that is critical to the Central IT organization, but what does that really translate into for the rest of the business?  What does that mean for the LoB’s and BU’s...the following graphic captures the feedback we have received from our clients as we have managed their journeys with them.

Transformational API's

To learn more about RaaC and how it can help solve your API federation challenges and help evolve your enterprise embrace Transformational API’s,  please contact raac@o3p.io