
Insight - Shadow IT – A CIO’s (and CEO's) growing challenge

Client CIO: “I’m aware that business units sometimes bypass IT and go directly to suppliers. Some are even building their own apps. How big is this problem, and what can be done about it?”

Our response: You're not alone. "Shadow IT" is a common and growing challenge across most organisations. It often stems from a mix of genuine frustration and ingrained behaviours, including:

  • Perceived or actual high IT costs
  • Slow response times
  • Delays in delivery
  • Resistance to change and legacy processes

The challenge continues to grow with the rise of SaaS solutions and Citizen Development, further aided by the onset of Gen AI and Agentic AI tools that can create apps through natural language conversations. These tools can add material benefit to organisations.

But Shadow IT isn’t just inconvenient; it can introduce real risks:

  • Duplicated supplier costs and fragmented commercial leverage
  • Duplicated internal effort and inefficiencies
  • Poor performance visibility and lack of support SLAs
  • Security vulnerabilities and non-compliance
  • Confusion over who owns or supports what

How to address Shadow IT

You could generate policies, hunt down non-compliance and interrogate financial records to identify instances of unscrupulous IT spend. While that may create a short-term impact, in our experience, past behaviour prevails.

Here’s how we typically recommend CIOs and IT leaders tackle this challenge:

1. Clarify what you offer

Start by clearly defining and publishing what your IT department does provide. A well-structured, business-friendly IT Service Catalogue is key. This should include key details such as:

  • Service name and purpose (in business language, not IT)
  • Service owner
  • Service levels

See here for guidance on how to create an effective Service Catalogue - What’s in your shop window?

2. Communicate the value of IT-provided services

Articulate the full benefits of using central IT. For example, services provided by IT are:

  • Monitored and proactively maintained
  • Supported through a single point of contact (portal, chatbot, or service desk)
  • Secure, compliant, and risk-managed
  • Supported by dedicated suppliers and commercial contracts
  • Measured, improved, and continuously innovated
  • Delivered with accountability for incidents, root cause resolution, and service evolution

3. Address the underlying causes

To change behaviours, you have to change perceptions. That often means facing difficult feedback and acting on it:

Slow responses? Introduce a clear “front door” to IT with only two access points:

  • Issues & requests: Service Desk / Portal / Chatbot
  • New needs or demand/cost discussions: Business Partner

Slow delivery? Optimise your delivery engine - use agile where appropriate, align capacity to demand, and improve prioritisation. Include the business in defining the prioritisation criteria and in the triaging activities.

Perceived high costs? Publish a transparent, service-aligned IT Bill. Like a utility bill, this helps the business understand what they consume and what it costs, driving more informed decisions.

4. Surface and acknowledge Shadow IT transparently

Once you've improved engagement and taken the above three steps, you’ll likely have already discovered most instances of Shadow IT. Document these in a simple register showing:

  • What systems or tools are in use
  • Who owns them
  • Who supports them

Be neutral and transparent - this often prompts the business to ask: “Why are we managing this and not IT?”

5. Accept what you can’t control (yet)

If some areas of the business choose to continue independently, that’s OK. It’s a business decision. What’s important is that:

  • The risks are known and documented
  • Senior leaders accept accountability
  • A review date is set to revisit the arrangement

Need help tackling Shadow IT?

We have tried-and-tested blueprints, experienced consultants, and proven approaches that make a sensitive subject like this more collaborative and productive. If Shadow IT is impacting your organisation, we’d be delighted to support you.

If you would like to speak to one of our experts regarding this insight article, email contact@masonadvisory.com.
