Not long ago, when business managers surreptitiously downloaded and used their own SaaS programs, it was called shadow IT.\nToday, business-managed IT has come out of the shadows and into the spotlight, Nearly two-thirds of organizations now allow business units to select technology that fits their own particular needs, according to KPMG\u2019s 2019 Harvey Nash CIO survey. Among organizations that don\u2019t permit it, over half say it still exists.\nWhile business IT can boost productivity and enhance product development, it also poses significant risks if it\u2019s not managed properly. Here are some guidelines for getting the most out of business-managed solutions without harming the organization.\nBenefits\nThe proliferation of no-code and low-code tools, and a proliferation of easily integrated cloud-native products has made it easier for business units to configure and manage their own applications, automation, and analytics and there\u2019s no question that doing so brings advantages.\n\u201cNo one knows the business better than business managers. The traditional process of trying to communicate their requirements to IT, which then has to try to interpret and implement them, \u00a0is a largely broken model,\u201d said Steve Bates, principal and global leader of KPMG\u2019s CIO Center of Excellence.\nAccording to the KPMG Harvey Nash study, companies that actively encourage managers to adopt and collaborate with IT on their own technology provide a better customer experience and release new products faster than others. As the world grows more digital, choosing the right software matters more than ever. By 2022, IDC predicts that 80% of revenue growth will depend on digital offerings and operations.\nProblems and Limitations\nIf business IT is not well-governed, it can cause the organization a host of problems, the most serious of which are cyberthreats. Every new app increases the attack surface, offering hackers a new door where they can try to infiltrate the corporate network. Though business managers may not realize it, connecting to many third-party and open APIs can easily create cyber risk, Bates pointed out. \u201cIt is easy for the business to lose visibility and understand who is accountable for maintaining security on all the connected layers\u201d says Bates.\nEven secured connections and apps are not designed to meet the organization\u2019s compliance requirements and could lead to a failed audit. In addition, programs not run through a strong central governance and architectural review process may interfere with the performance of corporate apps.\nAnother problem is maintenance and sprawl. Modern IT departments use zero touch deployment and automation to push software and updates throughout the organization with a single touch, keeping pace with recommended patch levels, security updates, and builds. Bates points out that business managers may not have the experience and sense of urgency to update their software promptly, which can lead to security and performance gaps. As unmonitored apps accumulate, the IT performance of the organization as a whole deteriorates.\nA Hybrid Model\nOrganizations need to strike a balance between imposing controls so tight they don\u2019t allow business units to innovate and ensuring safety and efficiency. While some apps can be run by business units with few problems, others should be left in the hands of IT experts.\nBusiness IT works best for simple, low-code applications that don\u2019t require an engineering background to set up or manage. \u201cBusiness units can unleash their creativity within bounds that IT can set,\u201d Bates said. Robotic process automations created on platforms like Blue Prism or Appian are good examples. However, complex programs like ERP, custom apps, or any systems involving high risk security, network, or compute dimensions should remain under the purview of central IT.\n\u201cTo help bridge the gap, many companies are rethinking their architectural review boards, to include business managers as well as IT representatives\u201d, said Bates. The boards hash out design standards, platforms, and features that provide business units with the leeway to do what they need while still adhering to a basic risk-based organizational framework.\nEmphasizing Business Value\nBusiness-managed IT is part of an overall organizational trend in which demonstrating business value and results are paramount.\nCentral IT, too, has become more focused on business outcomes. \u201cInstead of funding one platform or technology, then moving on to the next, IT is making smaller, more frequent investments directed toward specific results. If the results aren\u2019t achieved, the technology is scrapped,\u201d Bates said.\n\u201cIt\u2019s what we call dynamic investment, and we think it will continue to mature,\u201d Bates said. \u00a0\u201cWe increasingly see a willingness for organizations to invest in smaller, modular, short-term solutions, knowing that they may move on to something else as the business needs change.\u201d\nBusiness-led IT fits well with this new, more agile IT environment. Working together, business managers and IT can steer the organization with precision toward important digital transformation goals.\nTo learn more about how dynamic investment can fit into your business-driven IT plans, click here.