Managing Shadow IT

to Create Value

Simon Mingay

© 2014 Gartner, Inc. and/or its affiliates. All rights reserved. Gartner is a registered trademark of Gartner, Inc. or its affiliates. This publication may not be reproduced or distributed in
any form without Gartner's prior written permission. If you are authorized to access this publication, your use of it is subject to the Usage Guidelines for Gartner Services posted on
gartner.com. The information contained in this publication has been obtained from sources believed to be reliable. Gartner di sclaims all warranties as to the accuracy, completeness
or adequacy of such information and shall have no liability for errors, omissions or inadequacies in such information. This publication consists of the opinions of Gartner's research
organization and should not be construed as statements of fact. The opinions expressed herein are subject to change without notice. Although Gartner research may include a
discussion of related legal issues, Gartner does not provide legal advice or services and its research should not be construed or used as such. Gartner is a public company, and its
shareholders may include firms and funds that have financial interests in entities covered in Gartner research. Gartner's Board of Directors may include senior managers of these
firms or funds. Gartner research is produced independently by its research organization without input or influence from these firms, funds or their managers. For further information
on the independence and integrity of Gartner research, see "Guiding Principles on Independence and Objectivity."
#GartnerSYM
© 2014 Gartner, Inc. and/or its affiliates. All rights reserved.
Shadows Can Be Deceiving

#GartnerSYM
© 2014 Gartner, Inc. and/or its affiliates. All rights reserved.
What Is Shadow IT?
Investment in acquiring, developing and/or operating IT
solutions outside the control of a formal IT organization.
• IT devices, software, IT advice and services outside the ownership or
control of IT organizations:
- Excluding operational technology (OT) from this definition.
• Funded, procured and owned outside formal IT organizations.
• Managed and maintained outside formal IT organizations.
• Not listed in formal IT asset registers.
• Not maintained, backed up or secured according to IT organization
standards and policies.
• Frequently includes consumer IT and social technologies.
• Neither inherently bad or good, but …
- … a growing issue that needs action to ensure the integrity and efficiency
of enterprise technology, and to prevent fragmentation of information
and processes.
#GartnerSYM
© 2014 Gartner, Inc. and/or its affiliates. All rights reserved.
The IT Organization Is Losing Its
Share of Spend on IT
Others 70 30

Utilities 65 35

Transportation 68 32

Health payers 85 15

Healthcare 78 22

Insurance 79 21

Banking and securities 73 27

Wholesale 82 18

Retail 66 34

Education 73 27

Government 64 36

Communications, media and services 63 37

Manufacturing and natural resources 72 28

100 80 60 40 20 0 20 40 60
Percent
Non-IT IT

#GartnerSYM
© 2014 Gartner, Inc. and/or its affiliates. All rights reserved.
Shadow IT Is a Result of Deep Structural
Change in Society, Organizations and IT
• 60% of the U.S. Jobs Are
Changing Nature
Nonroutine, Up From 40%
of Work in 1975.

Demographic • Millennials Will Be 75% of the

Shifts U.S. Workforce in 2025.

• Cloud, Social, Information,

Nexus and Mobile Is Reshaping How and
Consumerization Where IT Is Done.
Business
Consumer • From 2002 Through 2012,
Team-Based
the Importance of Team-Oriented
Output Output Grew From 22% to 49%.

Changing Role of • IT Organizations Need to

the IT Organization Adapt to Remain Relevant.
#GartnerSYM
© 2014 Gartner, Inc. and/or its affiliates. All rights reserved.
Divergent Views and Opinions on
Shadow IT
• Not in line with policies
and controls.
• Poor documentation,
scalability, reliability. • Self-leveling
mechanism of supply
• Security and
and demand.
privacy issues.
• Undermine the ROI of • Necessary to get the
prior investments job done.
(e.g., DW and BI). • Source of innovation.
• Hidden cost of time
• Fast prototyping.
wasted on data quality.
• Potential damage to • Improve organizational
the brand. speed and agility.
• Ineffective use • A way to improve
of resources. employee engagement.
• Duplication of effort, • Must be embraced.
data, solutions should
be avoided.
• Must be contained.
#GartnerSYM
© 2014 Gartner, Inc. and/or its affiliates. All rights reserved.
The Emerging Four Future Roles of IT —
Shadow IT Is Symptomatic of the Change

PAST

Externally IT as Global IT "Is" "The CIO Runs

the IT
Focused Service Provider the Business Organization"

FUTURE
Focus
"The CIO
Ensures That
the Enterprise
Internally IT as Engine Everyone's Achieves
Focused Room Strategic Value
IT From the Use of
Technology"

Not Mutually Operational Transformational

Exclusive
Orientation
May Exist in
Combination
#GartnerSYM
© 2014 Gartner, Inc. and/or its affiliates. All rights reserved.
Everyone's IT
In Everyone's IT, information and technology are used
aggressively by business leaders and individual
contributors to break through traditional perimeters of
business and to drive ambitious collaboration.
• Focus is information, not technology, personal productivity,
codes of conduct/information sharing.
• High-maturity enterprises embrace this divergent model for
its collaborative, innovative potential; traditionalists see
anarchy, others see liberated creativity.
• Works in nontraditional situations — dynamic businesses,
startups, R&D/entrepreneurial/community ventures.
• Everyone's IT has shared purpose and systematic value
capture, not the same as shadow IT.
#GartnerSYM
© 2014 Gartner, Inc. and/or its affiliates. All rights reserved.
Why Is Dealing With Shadow IT Difficult?
Many IT management teams attempting to deal with
shadow IT realize:
• They couldn't prevent it, even if they wanted to.
• They don't want to forbid all technology outside the
IT organization.
• Attempts to control just makes it move further into
the shadows.
• Highly networked modern enterprises need multiple
sources of technology capability.
• A growing number of professional disciplines and
general personal productivity tools depend on IT …
… and the staff concerned wish to have control of the tools used.

#GartnerSYM
© 2014 Gartner, Inc. and/or its affiliates. All rights reserved.
 Engage

#GartnerSYM
© 2014 Gartner, Inc. and/or its affiliates. All rights reserved.
 Redefine
Accountability
#GartnerSYM
© 2014 Gartner, Inc. and/or its affiliates. All rights reserved.
 Guide

#GartnerSYM
© 2014 Gartner, Inc. and/or its affiliates. All rights reserved.
 Establish
Boundaries
#GartnerSYM
© 2014 Gartner, Inc. and/or its affiliates. All rights reserved.
A Framework for Categorizing
End-User Solutions
Mission-Critical Solution/Applications

Guided Off Limits

Simple Highly Complex

Solution/Applications Solution/Applications

Sweet Spot Danger Zone

Non-Mission-Critical Solution/Applications

#GartnerSYM
© 2014 Gartner, Inc. and/or its affiliates. All rights reserved.
Criteria End-User Solution:
Segment Your Systems
Incremental End-User
Waterfall and Iterative Agile and Kanban Developers

Systems of Innovation

Systems of Differentiation

Systems of Record

#GartnerSYM
© 2014 Gartner, Inc. and/or its affiliates. All rights reserved.
 Create Red
Lines
#GartnerSYM
© 2014 Gartner, Inc. and/or its affiliates. All rights reserved.
Offer Services

#GartnerSYM
© 2014 Gartner, Inc. and/or its affiliates. All rights reserved.
 Exploit
Bimodal IT
#GartnerSYM
© 2014 Gartner, Inc. and/or its affiliates. All rights reserved.
 Bimodal IT Has Its Center of
Gravity in Innovation

Systems
+ of -
Innovation

Governance
Mode 2
Change

Systems
of
Differentiation
Mode 1 Systems
- of
Record
+

#GartnerSYM
© 2014 Gartner, Inc. and/or its affiliates. All rights reserved.
Tiered Support

#GartnerSYM
© 2014 Gartner, Inc. and/or its affiliates. All rights reserved.
 Consider
Accreditation
#GartnerSYM
© 2014 Gartner, Inc. and/or its affiliates. All rights reserved.
 End-User
Board
#GartnerSYM
© 2014 Gartner, Inc. and/or its affiliates. All rights reserved.
 Use Audit

#GartnerSYM
© 2014 Gartner, Inc. and/or its affiliates. All rights reserved.
Case Study: European Insurance
The Emergence of a New Approach
Changing the Way of Engaging
Principle: What they did:
Freedom to choose: Offered a consulting service:
• Support choice. • Early engagement.
• By doing so, ensure IT are engaged. • Don't turn it into a project.
Keep to the rules: • Don't force any technology,
• Compliance, data protection, security, platform, vendor.
DR, archive, backup. • Do review data protection, quality, risk.
Reduce cost by reducing duplication. • Recommend where it could be
Focus on data quality. improved and moved forward.
Decomposed service offerings:
Group risk case example: • Across full applications life cycle.
• 16 applications, none integrated.
• Low data quality, high cost.
"Standing back and taking the moral high ground of
• IT-provided infrastructure, sign-on being 'right' was not working for anyone. We needed
authentication, protection of data. to change our role and the style of engagement."
• BU ran project and used IBM.

#GartnerSYM
© 2014 Gartner, Inc. and/or its affiliates. All rights reserved.
Recommendations
 Engage: IT leaders should respond to shadow IT by engaging with
the business stakeholders to identify consumer-oriented styles,
tools and appropriate support services.
 Distinguish: Is it shadow IT OR a deliberate, business-driven
approach to leveraging technology that is creating value.
 Build: Develop the capabilities and services to support a purposeful
approach, styles of leadership, governance and culture to maximize
value from everyone's IT.
 Encourage: Look for opportunities for the IT staff to contribute to
business-driven initiatives to encourage participation as co-creators
and innovators and reward those activities.
 Adapt: Offer a range of IT supports and expertise to align with
changing end-user needs and interests by adapting skills and
mindsets of IT support staff.

#GartnerSYM
© 2014 Gartner, Inc. and/or its affiliates. All rights reserved.
Action Plan for the CIO
Monday Morning:
- Communicate with the executive team about the need to engage with
business leaders, shift accountabilities, and not policing business unit
technology activities.
- Identify business units currently moving ahead with technology initiatives
on their own, and why they are doing so.
Next 90 Days:
- Develop a policy and criteria for guiding business unit
technology initiatives.
- Identify new services or updated services for supporting BU development.
- Meet with business stakeholders to review and agree to the
responsibilities and boundaries of involvement.
Next 12 Months:
- Implement IT services and supports to ensure there are tiered options that
meet business needs.

#GartnerSYM
© 2014 Gartner, Inc. and/or its affiliates. All rights reserved.
Recommended Gartner Research
 Embracing and Creating Value From Shadow IT
Simon Mingay (G00264121)
 How CIOs Should Deal With Shadow IT
John Mahoney (G00216085)
 Guidance and Engagement of Non-IT Staff Enable
Everyone's IT Capability and Minimize Shadow IT Issues
Simon Mingay and others (G00249747)
 How to Embed IT Procurement Governance and Minimize
Risk of Shadow IT Activities
Guriq Sedha (G00237629)
 Promoting Organizational Agility With the
Digital Workplace
Matthew Cain and Mike Gotta (G00263921)
For more information, stop by Gartner Research Zone.

#GartnerSYM
© 2014 Gartner, Inc. and/or its affiliates. All rights reserved.