“Shadow IT” is nothing new, but it’s still as relevant as it was – especially for those organisations that have just “let it ride”, just dealing with issues as they arise. If the term is new to you, it refers to any purchase and use of technology that has happened outside the remit and control of the corporate IT organisation – whether internal or external.

Whilst Shadow IT has been around for many years, the current “shadow situation” is probably more challenging than ever for traditional IT organisations. Shadow IT used to be just instances of where other lines of business, such as sales, simply ignored the IT department or official external IT supplier and bought hardware, software, and services directly from other suppliers.

These business functions might have ignored, or by-passed IT, in the past simply due to ignorance of what is available or the “official” process – knowingly or otherwise. Or it might have been due to the IT organisation’s inability to identify and deliver against their requirements.

But Shadow IT is now so much more than this.

Lifting the Hood on Shadow IT

Shadow IT typically happens because of the tension between:

  • The business need for speed and responsiveness – as well as managing costs
  • The need to protect the IT estate – which is nowadays effectively the intellectual property (IP) of many organisations.

IT departments have traditionally been competent at the latter of these two points, but not so much the former.

But now, in addition to this, new cloud and commercial models for technology mean that almost any business function can now go and buy in IT services direct. It increases the potential for Shadow IT through both the ease of engagement and the ability to pay for IT from Opex, rather than Capex, budgets.

So, What Should You Do?

To prevent Shadow IT harming business operations, both parties need to move together – with IT needing to find ways to better engage and to become faster and more responsive. And the other business functions needing to recognise that “IT is now their business” and to give this more attention and care – from the executive-level downwards.

New technology and new commercial models open up great possibilities for businesses to compete and grow. There is the threat though that the lack of executive understanding of, and buy-in to, the need to formally manage technology and corporate data will lead to a culture of secrecy and distrust. With the result that systems and services are bought and used without appropriate levels of risk assessment and ongoing governance.

To combat this, CIOs must stress the need for more openness and communications, and a better understanding of the IT role. And, in order to make this happen at board level, we cannot afford to continue the old antagonism between IT and other lines of business. IT needs to wake up and engage. But business function C-level roles also need to become more savvy around the needs, risks, and the value of technology.


  • IT suppliers and departments need to be more responsive, customer friendly, fast, and engaging
  • All lines of business need to recognise that IT systems and data are their business and that they need to take a bigger and more strategic view around how they buy, maintain, and protect IT.

10 Tips to Overcome Shadow IT Related Issues

IT departments must embrace Shadow IT or risk becoming irrelevant. They should see this as an opportunity to improve business relationships and to deliver a more value-added service. And Shadow IT must be approached positively and without a blame culture.

If your organisation is still struggling with Shadow IT, I recommend the following 10 activities:

  1. Engage, or reengage, with your customers – identify what their needs are, and also determine why they are using alternative IT products and services.
  2. Build a clear policy for “bring you own device” (BYOD) (or service etc.) that clarifies what is and is not acceptable and supported – and move Shadow IT away from being an “illicit” activity
  3. Communicate – adopt a policy of positive communications to get messages out about the value and risks associated with using non-supported/approved technology and services.
  4. Educate your executive board – ideally encourage your CIO to seek a “seat at the table”. The board needs to understand technology and its relation to the business (and business success). It is just no longer acceptable to be “fashionably luddite” any more.
  5. Develop and promote your CIO – this needs to be a business-focussed role around the delivery and maintenance of technology.
  6. Foster open relationships with everyone outside of IT – ensure that IT is viewed as approachable and refer back to point three.
  7. Get feedback from the IT service desk – it is usually the first to know if there is an additional product and/or service that people in the business would like IT to support. This will enable you to adequately address any business wishes before it reaches the point of Shadow IT.
  8. Identify new ideas and innovations – by using regular feedback mechanisms to ascertain how IT and the service desk can add more value, rather than support just being a break/fix activity.
  9. Embrace and engage with issues – do not hide your head in the sand and simply hope that the issues will go away.
  10. Establish business relationship management (BRM) – it plays a big part here and is a great opportunity to improve the business/IT relationship to ensure that you are better meeting business needs.

Ultimately, there is a need to view Shadow IT as an opportunity to improve IT’s value to the organisation and in doing so you will succeed in addressing the issue.

Barclay Rae has extensive experience as a consultant, analyst and subject matter expert in IT Service Management. He is the Lead Editor of ITIL 4 Create Deliver Support (CDS) Managing Professional guide, a member of the ITIL 4 Architect team and a co-author of ITIL Practitioner.

He also has considerable business and management experience in the industry, both as a consultancy vendor and also working with industry bodies and vendors such as SDI, AXELOS, APMG, and Axios. He brings industry and subject knowledge to ITSMF UK's strategic direction, as well as practical experience and commercial skills in running a small business organisation.

Scroll to Top