Business-led IT and the rehabilitation of ‘Shadow IT’
Shadow IT or business-led IT – which is it?

 In |

Reading Time: 7 minutes

In a recent article, announced ‘Shadow IT no more’. As many of my colleagues (and ex-colleagues) know, this is something I’ve been pretty vocal about for some time. So they suggested (firmly, with a deadline) that in the light of this article, I write something about it.

My soapbox

I’ve always maintained that the term ‘shadow IT’ is divisive, perpetuating a siloed culture within organizations. I believe it contributes to a ‘them and us’ relationship between IT and business stakeholders. As someone whose route into the IT world was as a business stakeholder, finding a resolution to this tension has always been close to my heart.

I’ve frequently been frustrated by attitudes that imply ‘IT knows best’. Or that any unauthorized software or hardware identified by ITAM or security teams should be removed immediately without assessing the potential business impact.

While in the past, IT may have been a bit of a mystery – seen by non-techies as a black art, and by finance as a black hole – we’re now in the age of the digital native. Many younger Millennial and Gen Z employees have a better understanding of how technology works and what it can do for them than some of the older Millennial and Gen X management and leadership in their organizations.

What is Shadow IT really?


Everyone assumes that we all know what is meant by ‘shadow IT’. However, discussions over the years indicate that some see it as ‘anything IT doesn’t know about’, while others see it as ‘anything IT doesn’t manage’, and yet others ‘anything IT doesn’t control and own’. A quick search throws up a variety of definitions from IT vendors, media, and analyst firms.

There’s quite a difference between labeling everything that IT doesn’t have control and ownership of as ‘shadow IT’ at one end of the scale compared to ‘things IT doesn’t know about’ at the other. Based on the more extreme definition, it’s probably fair to say that much shadow IT may actually have been instigated by IT staff trying to help business stakeholders frustrated by slow and complex IT processes that threatened to delay budgeted business projects.

The impact of SaaS

The growth of SaaS has meant an increase in ‘things IT doesn’t know about, manage or control’, as business stakeholders have been able to purchase business solutions without the need (at least initially) for IT integration. Many of these contracts weren’t seen as technology purchases – the business was buying a service, and the technology was simply a way of interacting with the service. Until integration with internal IT systems was needed, IT was generally unaware of the existence of the system, and the business unaware of the fact that what they were using could be considered IT.

Why it matters

Even when not integrated with corporate IT, there are risks with third-party services when organizational processes rely on them. We share valuable data, including customer and employee data subject to PII regulation. It’s hard to plan for continuity, protect against data loss, and comply with privacy legislation if the right people aren’t involved in the selection, procurement, and implementation of these systems.

So, I do understand why IT wants all technology in the organizational environment to be provided by (or through) the IT department. They need to support the systems and end-users to ensure productivity and secure the business from an increasing range of cyber threats. Finance also needs to understand the cost of the technology. Detailed cost data is even more important as businesses start to account for technology costs as part of the cost of goods sold (COGS). There are also opportunities to improve commercial deals by leveraging existing contracts with strategic vendors or managing ‘tail spend’ with smaller vendors rather than contracting on standard terms and purchasing on an ad-hoc basis.

Almost every business process is now technology-enabled. Cloud-based services become easier to access and pay for through apps and online payments. The ubiquitous nature of technology within our society means we need to change our approach. We can no longer separate ‘IT’ from ‘business’ as the two are entirely interdependent and our engagement models need to reflect this.

Emergence of Business-led IT

By talking about ‘business IT’ or ‘business-led IT’ there is the potential for a much more productive dialogue. Besides – if we’re totally honest with ourselves as IT professionals, we have to admit that the reasons for (genuine) shadow IT weren’t entirely due to the business being difficult.

In some cases, the solutions provided by IT didn’t deliver, or didn’t deliver fast enough or well enough, or the processes for engaging with IT were too obscure and bureaucratic. Or internal solutions were too expensive (or seen to be).

Often it was IT’s entrenched attitude, and ‘my way or the highway’ approach that made it easier for business budget holders to engage a third party. And easier for finance to account for too.

Facing up to reality

IT can’t do everything. As technology has become all-pervasive and digital transformation continues to accelerate, IT teams need to be realistic. They must prioritize where they spend their time and look to third-party providers to augment their capabilities and resources.

How do we solve this?

Improved communication

There are plenty of cartoons and memes that illustrate the issue of communication problems in IT, and the gap this creates between stakeholder expectations and what is delivered. This isn’t just a problem in terms of requirements but also of communication and differing priorities. I vividly remember being told ‘What the business wants is an intergalactic spaceship, what it needs is a new Ford Focus’.

It’s important that stakeholders understand the fixed costs that won’t go away if they move to a third-party solution. For example, moving from a shared CRM (Customer Relationship Management) database that’s licensed enterprise-wide to a specialist SaaS solution that suits their business unit better. The existing system may still have ongoing costs that the business needs to absorb.

Many of these problems can be solved by ensuring IT understands the business they’re in, and what it is that the end-users do on a day-to-day basis. Closer integration between business and IT teams can result in even the most complex and lengthy of IT projects being fit for purpose on delivery – even if the business (or world) has changed in the meantime.

Sometimes these changes are easy to make. The delivery of many of our solutions (such as Device as a Service) starts with a workshop. This ensures that the solution we develop meets customer needs.

Providing visibility

Both IT and the stakeholder (as well as finance) need to know what technology is out there – within our IT environment, connecting to our IT environment and ‘disconnected’ systems that our employees’ access for business purposes. If we have visibility, we can manage, maintain, secure, and fund all these systems appropriately. We can put the right contractual terms in place to protect our organization’s data and finances. Employees training can be designed to maximize productivity. We can explore improved integration not just between internal and external systems, but between different external systems. This reduces manual tasks and errors and improves productivity and employee satisfaction.

IT asset management (ITAM) is key to providing the visibility of hardware, software, and cloud-based services that allow IT teams to understand and oversee all the technology that the organization relies on. Mature ITAM functions are also able to provide insights that support cost optimization, rationalization, and security by identifying risks and opportunities across the vast number of systems, applications, and IoT devices that form part of today’s business solutions and services.

Cooperation and collaboration in this way improves resilience, supports agility, and enables innovation. It also gives us an opportunity to rebuild relationships between IT and business stakeholders. We can break down silos that have no place in a world where every business is an IT business, and every part of every business is dependent on a vast range of technology.

Position IT as a digital broker

Shadow IT has in part been the result of internal IT teams struggling to keep up with demand. The acceleration of digital transformation since the start of the pandemic compounded this as IT teams worked to both keep the lights on and transform aging infrastructure and systems to support new ways of working.

Rather than attempting to do this, IT teams should reconsider their role as a ‘supplier’ of IT. They should think of themselves more as a ‘broker’, helping their business stakeholders identify, procure, and implement the most effective solutions. IT’s involvement can ensure that those solutions meet organizational standards while also fulfilling business needs.

We’ve talked before about how the role of the reseller is changing as application portfolios grow. IT teams can leverage their expertise and services to provision a variety of services through a single provider. SHI has teams who can deliver IT Asset Management to provide visibility, license advisory, and Software Asset Management to ensure appropriate and cost-effective licensing. Our Device as a Service solution reduces the overhead of hardware provisioning and support. Procurement support for long-tail vendor management can manage the costs and risks involved in sourcing technology from a range of smaller vendors.