You can’t hide from it any longer. Shadow IT is real and it’s lurking in every corner of your organisation… right now. You can’t stop it. If anything, it’s only going to get worse…

Generally speaking, your IT department is responsible for the technology decisions made within your organisation. However, Shadow IT refers to all the IT projects in your organisation that happen without the permission or knowledge of your IT department. And it’s a bigger ‘problem’ than you may think; according to research from Vanson Bourne, 60 per cent of CIOs1 say they believe Shadow IT is becoming increasingly prevalent within their organisation.

Exposing your organisation

The biggest issue with Shadow IT is the security concerns it raises. Gartner claims that by 2020, a third of successful attacks experienced by enterprises will be on their Shadow IT2. It’s a fact that Shadow IT can leave your organisation exposed to unnecessary risk. The vulnerabilities occur because people delivering Shadow IT in your organisation are not necessarily skilled in the right practices and therefore don’t know how to properly establish IT infrastructure and mitigate risk.

A typical IT department will have guidelines on how to introduce new software to the infrastructure safely and securely. This will include rigorous testing and a detailed onboarding process. These processes exist for the organisation to manage risk for both itself and the customers, while demonstrating compliance with data protection legislation, such as ISO27001 and GDPR.

And it’s not just the security risk…

When Shadow IT begins to manifest in an organisation, it typically complicates the existing system architecture. As well as being impossible to manage since IT has little or no knowledge about its Shadow IT, it’s also unlikely to align with the broader technology strategy. Furthermore, if third-parties are involved, they could develop IT that is inconsistent with the current infrastructure. And that’s before you consider the duplication of work – with business functions turning rogue, all doing their own thing, it’s likely you’ll have multiple systems fulfilling the same role. It is this kind of inconsistency and approach to risk that gives rise to the perception that IT is separate to the rest of the business


Is Shadow IT really that bad?

Understandably, Shadow IT has a bad reputation, but Gate One doesn’t think it’s as bad as everyone makes out.

Times are changing. We live in a digital world where new, niche technologies are being developed every day with the sole purpose of making our lives easier, efficient and more productive. So let’s cast a new light over Shadow IT. Imagine if you viewed Shadow IT as an opportunity to promote innovation across the organisation. What would that mean for your future?

Harnessed in the right way, Shadow IT is a powerful force. New agile technologies can be developed to solve a very specific problem. It means now you can gain insight into your customer preferences, so when you develop products/services, they really key in to your customers’ needs, and deliver the ultimate customer experience that keeps them coming back for more. Along the way, you can streamline your operations to make them more effective, and boost employee morale and productivity.

End users often credit Shadow IT as central to driving innovation, business transformation, and increased productivity.

A circle of conflict

Gone are the days when IT worked in silos, away from the rest of the business developing solutions in isolation. Creatives are present across your organisation, and they’re all looking for new processes and systems to improve the way the business operates. It means that finding ‘cool’ technology to solve a problem isn’t just the job of IT, now everyone is responsible for the continuous improvement.

This is a huge change in mindset for IT and a massive cultural shift for your organisation. And that’s why the conflict around Shadow IT currently exists.

The Shadow IT conflict

  • A problem arises.
  • Everyone wants to be collaborative and innovative in solving it.
  • But… the moment they try, IT comes at them with a stick – is it safe? Is it secure? is it compliant?
  • Now IT is seen as a blocker, there to stifle innovation.
  • So rather than turning to IT for help, the business functions look for a SaaS alternative to solve their problem.
  • They find something that only costs a few pounds a month – better still, they can have a 30-day free trial – so they don’t feel the need to ask IT for permission.
  • However, as more features are added, the monthly cost increases and then more bespoke solutions are implemented to work around the existing infrastructure.
  • A problem arises…

There’s still definitely a place for IT, which is why you address the conflict and create a collaborative, innovative environment where everyone is pulling in the same direction, rather than fighting or dismissing each other.

Turning a spotlight on the new role of IT

In a world that embraces Shadow IT, the role of IT is crucial to lead its delivery safely and effectively to the organisation. Requiring a blend of people, process and technology, the role of IT shifts from procurement to fostering conversations between techies and business people; by understanding the needs of every department, and why they’re off doing their own thing – IT can determine what’s missing from the current infrastructure, causing issues and preventing people from getting on with their jobs.

Furthermore, in taking the lead, IT has visibility of the organisation’s entire infrastructure. By retaining the ability to view/manage major projects/programmes across the business, it means governance, risk and compliance are maintained at all times, and the organisation is no longer left exposed.

In essence, IT needs to understand how it can produce an environment that enables creativity and collaboration in a safe and controlled way.

But is your IT function set up correctly to deal with Shadow IT?

3 critical success factors for Shadow IT adoption

1. People in IT have clear, enterprise-wide roles and responsibilities

The first step to changing your culture is to identify the areas where IT excels, and then accept that good ideas and innovation can come from anyone in the business. This is where having clear roles and responsibilities is really important so everyone feels valued and like they are contributing to your overall success. From here, the communication has to flow down the hierarchy, providing better visibility of what others are doing, and encouraging greater collaboration between departments.

Start by asking yourself:
  • Do you have the right partners in place to bridge the gap between IT and other business functions?
  • Do your IT staff understand what other teams are doing and how they can best support them?

2. Process needs to guide people while giving them the freedom to innovate

If people don’t understand the risks associated with introducing new technology to the business, they’re never going to follow your process. For IT, this is an educational exercise, highlighting the issues, explaining why it causes vulnerabilities and how they can be overcome. It may be that IT then needs to refine the process, creating something that strikes the right balance between ensuring the right checks are performed, but not causing bottlenecks. To provide people with the guardrails that afford them the freedom to innovate, while ensuring the governance exists to protect the organisation if they step outside of these boundaries.

Start by asking yourself:
  • Are the right processes and governance in place to create an environment of innovation and collaboration, while ensuring that security and compliance are not overlooked?
  • How much freedom are you comfortable giving to allow people to do their own thing?

3. Technology needs to support the business to continually improve

Finally, you have to look at the infrastructure that the Shadow IT needs to integrate with. Take a look at everything you have and consider if it’s fit-for-purpose. If people are going to find new solutions to solve their problems, IT needs to understand why your current infrastructure isn’t supporting them. And then thinking about continuous improvement, IT needs to ensure the mechanisms (e.g. an intranet) are in place to allow people to provide their feedback and submit ideas for improvements.

Start by asking yourself:
  • Do you truly understand what the technology needs of your functional heads are, and why they are going elsewhere to get it?
  • What issues does your legacy tech cause?

Time to embrace Shadow IT

Data from Unisphere Research suggests that 84 per cent of business and IT leaders want to see their organisations do more to encourage and support Shadow IT because they know people see the technology around them as a way to boost the productivity of their jobs3.

And Gartner agrees, actually quantifying the impact. It states that by decentralising IT and allowing individuals/teams to purchase their own IT resources can reduce time to market by two years4.

“For most organisations, resistance is futile. Better to embrace it and acknowledge that employee IT and digital skills in the increasingly digital workplace are an opportunity to innovate and create more value from IT and digital investments.” Gartner

Like it or not, Shadow IT is happening now. We’ve shown you that it doesn’t have to cause your business issues, rather it presents an opportunity to enable your business to get better.

Changing the cultural mindset of your organisation means you can better understand the challenges in your business, see why your current processes and systems aren’t quite hitting the spot and causing people to look elsewhere, and then how you can improve for the future.

BUT… this all starts with evaluating your current infrastructure and identifying why it’s no longer fit-for-purpose.

Shadow IT should be a collaborative effort. If you’re ready to embrace Shadow IT for a brighter future, contact our team and see how we can help you better align your people, process and technology to make it happen.


James specialises in large-scale IT-enabled change and enterprise portfolio management. He has delivered complex transformation programmes across multiple industries. James is part of the Target Operating Model team and is Gate One’s knowledge lead, which involves capturing and managing our key methodologies.