Blog post

Shine Some Light on Shadow IT

By Dave Cappuccio | November 27, 2013 | 2 Comments

IT OperationsFood for Thought

You may have heard the term shadow IT bandied about lately, in both analyst musings and the industry press (they often feed off each other in the always fascinating game of buzzword bingo).  What’s interesting about shadow IT is that it’s really nothing new, but rather something thats been with us for years, but the latest version (which I’ll creatively call V2) has grown in significance (and scope) to where the C-suite should start to pay attention.

Local Support Driven by Necessity

What is shadow IT?  That depends on your perspective and how long you’ve been involved with IT.  In the early days of distributed computing, client server and the PC “enabling” the business, shadow IT was that group of people that both held everything together at the business unit or department level, and caused all the chaos for central IT.  Oftentimes these individuals were not formally IT, or even responsible for IT support, but because of their innate skills, their standing within the business unit, or their relationship with peers, they became the de facto stand-in for a formal IT process which had yet to reach the hinterlands.

In most cases this was not a budgeted support function either, it was just done because it was either much more expedient than using the “formal” process, or it had grown organically with the business units adoption of IT and thus became just one of those embedded processes. This 1.0 version of shadow IT was focused mostly on  the introduction of unauthorized technologies (both hardware and software) and the subsequent peer support that was required.  “Hey Joe” support structures were common in business, but undocumented, and were often the first avenue an end user pursued to solve a technical issue.  Over the years shadow IT V1 was mostly eliminated by the implementation of standardized architectures, automated support services, efficient call centers, and an increase in systems complexity.

That said, version 2.0 will not be so easy to deal with.

Shadow IT today is radically different from the past in both it’s reasons (to exist) and its impact, and in many cases it will not be something that traditional IT can solve by rolling out more technology and process.

Driven by need.  (responsiveness to users).  Over the past few years we have seen a dramatic increase in the number and types of devices available to business users.  In most instances organizations found that waiting for IT to go through it’s traditional approval/evaluation process was not acceptable, especially with the potential productivity benefits that came with these devices (e.g. tablets, smart phones).  IT organizations found themselves either putting device and software approvals on the fast track, or continually reacting to support requests for new device types that were “non-standard”.  Saying no the business was not an option, especially since most of these devices were funded through departmental non-IT budgets and were seen as potential gateways to new business processes and emerging market opportunities.

Driven by speed (applications delivery).  This proliferation of user friendly devices had a serious cascade effect in the form of a flood of newer, smaller, purpose built applications that were being downloaded by business users.  These applications were rarely what would be considered enterprise-class, but to the business user it didn’t matter, as these applications were inexpensive, quickly installed, and quickly updated with rapid version/refresh cycles.  This sequence of events began to drive a cultural shift in many business units, one where the quality of an application did not come first, but where access and availability did, which in turn meant that a high majority of the innovative applications being tested by the business were acquired outside of the control of central IT, essentially establishing a business IT process that was distinctly separate from the central IT process.

Driven by knowledge (responsiveness to markets).  As business users have become more comfortable with these newer device types, applications are emerging that focus specifically on the convergence of content, context and location.  Using these three drivers the types and linkages between devices, applications, business processes and large data stores (e.g. existing CRM and ERP systems) have moved the focus of applications away from enabling the business towards one of enabling the individual.  

What can IT do?  If IT is to respond to this form of Shadow IT they must pair with business partners and work together as part of innovation labs (often driven by the business and not IT),  Innovation labs can become the integration point where IT experience and business innovation can come together, but the focus is NOT as a control point, but as an enabler of change, with clear understanding on both sides of the aisle of what the potential cascade effects will be on both the business and on IT.   Otherwise IT organizations can decide that their real value is to support and maintain a flexible infrastructure that supports rapid innovation by the business, and just let 1,000 flowers bloom.   Either way the new Shadow IT, which we should now call Business IT, is here to stay.

Food for thought….

The Gartner Blog Network provides an opportunity for Gartner analysts to test ideas and move research forward. Because the content posted by Gartner analysts on this site does not undergo our standard editorial review, all comments or opinions expressed hereunder are those of the individual contributors and do not represent the views of Gartner, Inc. or its management.

Comments are closed


  • Suman Challagulla says:

    Great article. We see this phenomenon of shadow IT in the healthcare industry as well despite thefact that it is highly regulated. So this phenomenon is definitely here to stay. One of the interesting ways that some enterprises have reacted to shadow IT is to take the person responsible for driving shadow IT and place him/her in a position of prominence where he/she can influence the direction if technology within the enterprise. This goes well with your final recommendation which outlines how IT must be flexible and partner with business.

  • the article outlines precisely the 5Ws and 1H. Shadow IT is a response from business users to the quest of IT for better governance. the IT department is yet to find a way that provides this users with what they want and need with the proper time to market, without negative effects to security, cost and quality. it is a great opportunity, as mentioned in the article, to make Shadow IT an integral part of the organization. it is possible to absorb Shadow IT into any governance model, of course, it is a matter of knowing, controlling and accepting the risk.