Increasingly – we’re seeing IT governance teams spending their focus and energy on stopping shadow IT, rather than focusing on enabling business improvement – and hurting the businesses that we’re ALL part of.
So - let’s ask ourselves why are we really here?
I know, I know, I know! That statement will ruffle feathers in IT governance and enterprise architecture circles. But hear me out……
For years, the mindset in many organisations has been that “shadow IT” is a disease — something to be eradicated in the name of strategy, control, and risk management. But what if we’ve been looking at it the wrong way round?
........ What if shadow IT isn’t a disease at all, but a market signal? And it only exists because those closest to the market signals aren’t being adequately served by the constructs that propose to serve them.
The Status Quo — and ITs Problem
Most IT governance functions are built around control. The role of Architecture practices is to keep technology aligned with strategy, maintain standards, protect data, and keep security tight. On paper, that all makes sense.
But here’s what we see. So often this means blocking business teams from using ‘non-strategic’ technology to solve real problems quickly.
The outcome? Lost opportunities. Lost business value. Value chains hindered. Frustrated employees. Innovation stifled - and - competitors outpacing us.
At the very moment when businesses need technology capabilities more than ever — and at a moment in history when technology itself is more capable of adding value than ever before — too many governance functions are focused hard on spotting it - and slowing it all down.
If governance blocks value – how good is that governance?
I repeat - let’s ask ourselves WHY we’re REALLY here.
The Business Reality
Let’s be blunt: today’s organisations can’t afford to wait. Literally cannot. Markets are moving fast, costs are escalating in multiple directions, customers want to eliminate costs wherever they can – including you. Businesses NEED every advantage they can get.
Technology isn’t just “support” anymore. – I know you already say that – and I know you want it to be true. It’s embedded in the fabric of every process, every decision, every customer interaction. But If you’re stopping the business from adapting quickly, the organisation you’re all part of – will fall behind.
If you’re not convinced – and the phrase ‘business value’ isn’t enough for you – then instead, let’s introduce Cost of Delay.
There is so often a focus on the “regret cost” of a ‘tactical solution’ — the fear that adopting something ‘light’ today is wasted spend when the “strategic solution” arrives in two or three years’ time. We’ve seen governance attempt to resist spending $70K on a fast, light solution because this need will be met by ‘the strategic solution’ when it arrives. The subsequent conversation revealing that the strategic solution 'is pencilled in for maybe 2-3 years from now’. In other words – a mindset / construct / approach that will delay a value case of >$2M / month by 3 years in order to avoid spending $70K now?
I’ll leave you to calculate that one out.
This mindset can ONLY exist if people are too far removed from market signals – and its associated pressure.
Here’s the truth: the cost of delay is so often far greater than the cost of that ‘tactical’ regret spend.
Every day, every month you delay a business capability, it is potentially value lost. Value chains remain hindered, customers go elsewhere. processes remain broken, employees stay frustrated, competitors outpace you, and cashflow trajectory is in the wrong direction – with potentially invisible causes.
If your cost of delay > regret spend you're trying to avoid - re-think how you're thinking.
Different measures? Different blind spots
This problem is made worse by a certain mindset within some parts of the governance community where there is a necessity to see the widest perspective - because they look across the entire landscape of its governed area. There’s a in-built mindset that that gives them a broader view than anyone else in the organisation.
But let’s be honest: this isn’t always true. Yes, architects see across the tech stack — but do they see across the business landscape? Do they truly grasp the reality of those market signals, those operational inefficiencies, the missed revenue, the lost time-to-market? Are they measured against the same criteria that people who do feel those pressures are measured against?
In most cases - often – the answer is ‘no’.
So of course we have inconsistent behaviours – we’ve got different drivers – this is about organisational constructs as well as mindsets.
Rethinking Shadow IT
Shadow IT happens because business needs outpace central delivery. And – no - ‘lack of planning by the business’ isn’t always the reason. Goalposts move quickly.
Shadow IT isn’t recklessness. It’s demand. Responded to by initiative. That’s people trying to do their jobs better, faster, smarter – as is the new necessity. Not helping the business through their challenges, in the timing they need, is what’s reckless.
Every “rogue” app, spreadsheet, or other tool isn’t purely a security risk. It’s a cry for capability.
When governance teams focus is to shut these things down, yes they’re eliminating a problem – but they’re creating more. As evidenced by the business continuing to need something it isn’t getting.
So – to re-confirm: Shadow IT isn’t a disease. It’s a market signal.
Instead of stamping out shadow IT, governance should be learning from it, embracing it – and guiding it to success.
A Better Way Forward
So, what’s the alternative? Well, it’s not anarchy. And it’s not security risk. And guess what - I’m not suggesting anyone throws away governance to let every department run wild with their own tech stack.
But we do need to flip the mindset. Governance should be about absorbing and enabling with real, pragmatic guiderails, not just blocking and rejecting.
Here’s how:
This isn’t Shadow IT vs governance vs Strategic IT. It’s about making today’s immediate needs be met, whilst feeding tomorrow’s roadmap.
- Organise to partner better with the business
Reverse this trend of being a low-value-adding support service – and therefore outsource-able. Inevitable you say? Find a way to add more immediate value – get with them on their strategy / build yourself in to their immediacy. - Fast-track tactical value
Create (build) a rapid-approval and delivery route for tactical solutions that address immediate business needs. Not everything should take 6-12 months of review to sign off. Break work into deliverable chunks of value – and help deliver. - Apply light governance
Wrap tactical solutions in just enough guardrails — security, compliance, data integration, transition support — to keep them safe without killing momentum. - Think 'embrace, guide and integrate', not 'eliminate'
Instead of shutting shadow IT down, bring it into enterprise awareness quickly. Useful solutions can then be built safely, scaled, integrated, or retired gracefully when a better alternative arrives.
The Real Trade-Off
Let me illustrate with examples of a common pattern we see.
- A sales team finds a SaaS tool that would cut reporting time in half and improve forecasting. Governance blocks it, commenting: “Wait for the core system upgrade in 24 months.” By then, the team has lost deals, lost revenue and consumed hundreds of hours of effort – chasing the numbers, behind the curve.
- Outcomes: Cost of regret: zero, Cost of delay: huge, Value added: zero
- Another business unit creates a tactical app in an existing platform to manage flow across a key value chain. IT teams are nervous but allow it under light governance. Within months, it’s reduced people-capacity needs, improved right-first-time, with huge improvement in time to market. Later, the functionality developed is absorbed into the strategic spine system.
- Outcomes: Cost of regret: some (minimal), Cost of delay: minimised (optimal), Value: immense
If we consider ourselves all part of the same organisation - which of these approaches sounds like good governance?
A Challenge to technology leaders
The job of IT governance isn’t only to stop things happening. It’s to help the right things happen faster, with the right level of safety and sustainability, in accordance with business demands.
Shadow IT isn’t the enemy. It’s a signal. It’s telling you where the business needs help, where capability gaps exist, and where value is waiting to be unlocked – by you – it’s there for you.
So - stop focusing on stamping it out. Start focusing on how you can engage with it, channel it, support it, and ultimately turn it into part of your enterprise advantage.
If you’re an architect, a CIO, or part of a governance team, ask yourself one question:
Am I enabling value, or just getting in the way?
And if you’re a CIO and really serious – ask yourself a second question:
How can I make technology a profit centre, not a cost centre?
You might not get to a fully-formed answer yet - but it'll make the answer to the first question much simpler.
Closing thought
Organisations don’t win in today's climate by saying “no.” They win by finding smart ways to say “yes” — and by harnessing every ounce of today’s technology potential to make the business better.
Stop focusing on stopping shadow IT. You’ve got a business to improve.