4. Establish low-code and no-code governance models
The first three steps help bring shadow IT into the fold but they do not address the fact that IT departments rarely have sufficient staffing, expertise, or budget to fulfill all prioritized programs.
Here, CIOs can reduce the IT supply-side gap by promoting citizen development technologies and establishing governance models for low-code and no-code solutions. No-code governance models should cover processes to review app ideas, roles and responsibilities, integration requirements, release management practices, documentation requirements, and other requirements to ensure reliable and secure business processes.
No-code solutions offer significant advantages in addressing shadow IT as they shift the implementation and support work into business responsibilities. No-code solutions can help business users convert spreadsheets into workflows, develop knowledgebases, and build SaaS integrations.
To succeed, however, CIOs need a governance model and a solution architecture plan to help select low-code and no-code platforms, provide guidance on when to use these platforms, establish a development lifecycle, and ensure ongoing support.
“A strategic framework should categorize use cases based on three criteria: business complexity, technical complexity, and security and compliance requirements,” says Varadharajan. “Any use case that ranks high in any of these criteria should be managed by the IT department, while the remaining can be delegated to the business units.”
5. Develop citizen data science and self-service capabilities
CIOs have embraced citizen data science because data visualization tools and other self-service business intelligence platforms are easy for business people to use and reduce the reporting and querying work IT departments used to support. The most successful programs go beyond rolling out tools by establishing governance in citizen data science programs while taking steps to reduce data debt.
Citizen data science reduces shadow IT when CIOs promote proactive data governance and establish data integration, cataloging, and quality practices. There may be times when department-specific data needs and tools are required. But having strong data capabilities and standardized data platforms that enable employees in business, data, and technology roles to leverage data in decision-making helps reduce tool proliferation and shadow programs.
6. Iterate and communicate a generative AI strategy
Shadow AI is the next front line where departments and their employees are already exploring generative AI tools and risk exposing proprietary and other confidential information. Recent charts from venture capital firm Sequoia Capital help show just how many generative AI tools are coming to market to support sales, marketing, design, software engineering, customer support, legal, and other departmental needs.
It’s an area ripe for shadow activity, especially because executives are hungry to see their organizations identify breakthroughs and efficiencies using generative AI capabilities. What’s to stop a department head or an employee from trying a new tool and starting another shadow program?
Where appropriate from a regulatory perspective, CIOs should avoid saying no to experimenting with generative AI. When department leaders hear no repeatedly, they consider exploring shadow solutions without IT, security, or compliance collaboration.
CIOs should also create, communicate, and iteratively update a generative AI strategy that captures short- and long-term outlooks. Short-term plans should specify which departments should experiment, toward which business outcomes and opportunities, as well as what tools can be used, what data can be involved, and where they should report their experimental learnings. CIOs should also update their digital transformation strategies to consider how large language models will impact their industries and where customer experiences need AI-driven overhauls.
7. Foster a co-creation culture
The last step is probably the most important and should be managed parallel to the other six steps.
Shadow IT is more than a risk and missed opportunity — it represents an operating and cultural gap between “business” and “IT” that top CIOs aim to eliminate. Closing the gap requires expanding the business acumen in the technology organization by building relationships with business stakeholders, developing empathy for customer and employee needs, and improving communications. It also requires CIOs to shift left technical capabilities so that digitally savvy employees working in sales, marketing, HR, and other departments have sanctioned tools and a governed process for self-servicing their technology needs.
CIOs following these seven steps can turn shadow IT into a competitive edge by fulfilling more departmental technology needs, reducing the risks of shadow programs, and empowering more business people to self-service their workflow and data needs.