October 13, 2015
Should shadow IT have a place in the enterprise?
By: David Hoff

Finding a place for shadow IT in the enterprise

We recently used this blog to introduce a new way to conceptualize enterprise technology, known as the stacks approach. 

To recap, the stacks approach categorizes technology into multiple stacks (rather than a single stack) based on enterprise competency domains (e.g. customer engagement and performance management). It contends that you should then automate each domain’s activities with a technology platform and a related suite of integrated applications. This approach makes sense for the cloud era because as you determine your plans for cloud adoption, what you’re really doing is rethinking your stacks to determine which applications are cloud ready and if each application lives in the appropriate stack. Here’s what this looks like:

Stacks approach


Today, I’d like to add a wrinkle to the very tidy stacks approach, because we all know that enterprise IT isn’t quite so cut and dry. That wrinkle is known as shadow IT, the practice of employees procuring and using their own applications without IT approval. 

Obviously, shadow IT complicates the stacks approach because any shadow applications in your organization will not be integrated into any of your stacks. Instead, these applications exist in their own silos, floating outside of the stacks.

Data, Integration & Analysis


As shadow IT has exploded in recent years, it hasn’t received the best reputation. For the most part, these negative perceptions are warranted for three key reasons:

  • Shadow applications are siloed applications: Because these applications won’t be integrated into any of your technology stacks, you’re likely to miss opportunities to add value to information by passing it between systems. In short, users might miss out on the full value these applications could provide if they were properly managed and integrated into the fold.

  • Users become the admins: When users go out and procure applications on their own, they typically become the admins for these applications. However, these users don’t have the experience managing technology that’s typically required to properly secure applications and handle any issues that arise.

  • Security falls by the wayside: Most importantly, shadow applications can put corporate data at risk in two ways. The first is if users discontinue the applications when they leave your company, meaning all of that data leaves with them. The second is if users implement applications that don’t meet your corporate security or, worse yet, government-set compliance guidelines.


When you dig a little deeper, you’ll actually find that shadow IT can add value to your organization. You see, shadow IT occurs because users want to work more efficiently and effectively, and that’s not a bad thing for your business. 

When you embrace shadow IT, you actually empower the people who are closest to the day-to-day running of the business to act as key decision makers in solving challenges. These users, who partake in shadow IT with the best intentions, are simply trying to tell you what they need to do their jobs better. And when you see the same shadow applications (or same type of applications) continually pop up across the organization, that’s a red flag that users have a need IT has not fulfilled and a strong indication it’s time for you to step in and help find a more appropriate enterprise solution.


Given the downsides, the gut reaction to shadow IT is typically lockdown. However, shadow IT isn’t going anywhere, and the stricter you become, the more you’ll just push these activities further into the shadows, thereby increasing the associated risks. 

Furthermore, given the fact that shadow IT can add value to your business by helping uncover user needs and desires to work better, it’s a practice that IT departments need to embrace. Of course IT does need to reign in these activities in order to mitigate the risks.

Popular Tags

    More blogs on this topic