Shadow IT as innovation driver

Shadow IT harbors risks – but can also act as an innovation driver during digitization. On one condition: an operating model in which the Business and IT work together, with an established governance system. This creates room for innovation – and an opportunity for IT to shape these developments.

IT systems in companies are not operated solely by the IT department. The business part of the company also operates its own systems, platforms or entire infrastructures. There are good reasons why many companies have such shadow IT organizations. After all, the business divisions have a better understanding of their requirements, and often they can implement these more quickly and with more flexibility. At the same time, IT systems operated by the business divisions often have a bad reputation, since they give rise to an unwieldy IT landscape and neglect important aspects of IT security and governance. Having said that, the number of business-driven IT organizations will grow as digitization advances.  

Gartner predicts: 

„By 2024, app development will be done with low-code in over 65% of cases.“

(Gartner, 2019)

Different trends accelerate this development. They include the increasing popularity of Cloud/SaaS solutions, which can also be procured without the IT organization. And then there are low-code and no-code platforms. They provide employees in the various departments with the option of developing their own IT-supported processes and systems. This trend offers companies enormous potential for optimizing processes, creating solutions and generating added value for the company. A successful outcome hinges on the following: 

  • An examination of the issue of security.
  • Compliance with statutory requirements and internal compliance.
  • Guaranteed availability and business continuity.
  • Integration into the company's architecture.

From shadow IT to innovation IT

What is becoming obvious: The digital transformation forces companies to act – particularly with regard to innovations. The role of IT departments grows as companies must keep up with growing innovation pressures and the speed of innovations. They too must find ways to become more innovative and work more closely with the business divisions. Because the lines between the business and IT are starting to blur.  

IT departments should see this as an opportunity to provide better solutions through a better understanding of the business requirements and greater proximity to the customer. Because if IT departments do not join in this process, they run the risk of losing their role as innovators and becoming a pure commodity IT organization without significant relevance to the business. In this case, it would quickly lead to questions about the need for in-house IT departments, and full outsourcing in the direction of zero-IT may be considered.  

CIOs must be active players in this process and in the digital transformation, instead of letting it happen from the outside. Otherwise, they run the risk of becoming a victim of the disruption. At the same time, there is an opportunity for transforming the shadow IT into Citizen Development and innovative power. On the way there, IT organizations should ask themselves the following basic questions: 

  • What does an operating model in which Business and IT work hand in hand look like? 
  • What measures must be implemented to generate sustained added value from the shadow IT? 
  • How can the IT organization maintain its control over the IT landscape? 

Implementing IT innovations

Large IT innovations at the business level are only possible when customized solutions are provided for the different divisions in the company. This can be done by way of a platform IT. In addition, the business divisions should be educated and encouraged to use low-code or no-code, so that company processes can be optimized with small innovations, which promotes competitiveness.  

A platform IT combines the advantages of a centralized and a decentralized organization with centralized governance, interdisciplinary communities and customized, business segment-oriented platforms. IT resources (e.g. architects, developers) are directly assigned to the platforms, and they continuously support the same from the solution architecture to operations. This is where the cooperation between IT and the Business takes place. 

Core IT

 Is highly standardized, optimized and automated. The applications are a commodity for the users (e.g. infrastructure) and an integral part of the IT budget. 

Enterprise Services

These are consolidated business services that are operated by the IT organization with a strong business focus.

IT platforms

The platforms are individually configured and meet a variety of business requirements. They focus on innovation and enjoy a high degree of freedom, as long as they comply with the security and architectural principles. The platforms are financed by the Business and can be developed mostly autonomously. In addition, knowledge can be transferred through the cross-platform exchange in thematic communities (e.g. for the development of Data Science skills). This promotes the company's digital transformation process.  

Stimulating micro innovations through low-code and no-code

Minor innovations happen with 1) the right technology equipment, 2) a common set of rules, and 3) the education of employees. 

1) The right technology equipment

The provision of the right tools is the main prerequisite for ensuring that companies are equipped for micro innovations in the daily business. 

The right technology equipment begins with the IT infrastructure. It should be modular and scalable. Cloud services are a good choice in this regard. In addition, the infrastructure should also be self-service ready. In this way, employees can easily obtain the required infrastructure components (such as servers, databases, storage, software/licenses). In the next step, employees need the actual development environment. This is where platforms for low-code/no-code and Robotic Process Automation (RPA) come in. Added to these are tools for support and for managing the development activities. 

2) A common set of rules

Implementing the right technology tools is not enough, however. In the absence of a clear set of rules, it only promotes the negative aspects of the shadow IT. The IT organization can only keep a handle on the entire architecture when there are clear limits on its sphere of influence. 

The amount of freedom and individual leeway for the Business will depend on the business criticality and complexity of the intended or existing application. This is a continuum, and stricter governance will be required as the two factors grow in importance. 

3) Educating employees

Even with clear rules, employees must be able to use the tools, and they must be able to adhere to and understand the rules. Therefore they must receive training with regard to the governance and compliance rules. This includes the company architecture, data protection or security. Looking to the future, methods for operations (ITSM) and further development (DevOps) should also be communicated. This requires an education path and the corresponding qualification as “Citizen Developer”. This qualification should be a prerequisite for using the tools. 


Because of technological developments, companies are under increasing pressure to act. If IT organizations do not become active players in this transformation, it will happen without them. In that case, it is making itself obsolete in the long run and becomes an operator of commodities. Therefore, IT departments should see the dangers posed by shadow IT organizations as an opportunity to strengthen innovative power with the help of Citizen Development, and thus become an enabler of business success. At the same time, they will also improve their own position in the company. 


Michael Müller

Senior Manager, Head of IT Management Advisory