CIOs have many reactions to shadow IT. Some complain that IT is generally measured as a success only by delivering something the business wants. However, IT organizations can get caught up in just doing cost control, security and overarching governance.\nWith this context, CIOs say, it\u2019s important to realize that shadow IT is not the problem. Instead, it is a symptom, real or perceived, that IT is not delivering what the business needs. While some CIOs suggest that if you have shadow IT, it means IT isn\u2019t doing its job.\nMost think differently. They say it is the CIO\u2019s job to listen and offer solutions. For this reason, IT organizations need to embrace shadow IT and build a culture where shadow IT effectively becomes sanctioned, secured and made to meet the needs of broader users by IT. In sum, IT organizations need to not view shadow IT as the enemy, but instead see it as an opportunity to right the ship before it is too late.\nMoving from the department that says \u201cno\u201d\nCIOs believe that embracing shadow IT is how IT departments go from the department of \u201cno\u201d to the department of \u201cknow.\u201d IT should be a place helping people get their job done securely and easily. CIOs think that a key to limiting negative impacts from shadow IT is to partner with the CFO to ensure there are spending controls. But, CIOs are clear, this only can happen when the CIO and IT are already doing an excellent job at solutioning and delivering on business needs and well along the way with SaaS and cloud.\nOne CIO respectfully disagreed with the group a bit here. To them, if you have employees, they said, you\u2019ll have some amount of shadow IT. Nevertheless, this CIO believes IT should be aware of this activity and act less as a draconian gatekeeper. This CIO suggests shadow IT is always a case of people trying to get their job done better\/easier and usually occurs when they can\u2019t get IT to support them effectively. They believe most IT organizations look at shadow IT as bad\/dangerous without trying to understand the why? When you understand the why and embrace the business you are starting to do your job.\nUnfortunately, it only takes one hack of an IT managed solution to convince business leadership that IT is too slow or too costly. For this reason, IT leaders need to lead and enable. They can no longer play from behind. The problem is that security failures can occur as the result of a business leader not wanting to participate in governance, cost controls and security. It is essential for this reason that IT leaders be at the business table.\nMeanwhile, acting against shadow IT is seen universally as a bad idea. CIOs must meet the needs of the organization as a whole and often the opportunity for the whole is suboptimal for an individual department. What\u2019s fully optimal for a single department can be detrimental to the whole. At the same time, data almost always will be incomplete and in the wrong context. Processes and workflows will be flawed. Without IT leadership, there is little chance to integrate applications or to fix security risk. CIOs say without these, management will eventually replace the CIO.\nCan the amount of shadow IT be reduced by CIOs listening better and showing more flexibility?\nCIOs suggest importantly that shadow IT should be used to learn how employees work or even better how they want to work. With the right attitude, CIOs can have constructive conversations regarding adding a solution or recommending alternatives. At the same time, CIOs believe that listening, communicating or being flexible is a crucial step. especially when done proactively with business leaders. IT lieutenants need to play a role here too. For this reason, he CIO owes it to the organization to have a \u201ccan do\u201d attitude and to do the outreach to ensure shadow IT conversations get started.\nWhen CIOs routinely say \u201cno\u201d or put something on the bottom of a long list, the business today will go it alone. This is especially the case when the IT budget process is broken. And when it gets bad enough, it will become the CEO\u2019s or CFO\u2019s problem to fix.\nFor this reason, the CIO\u2019s job increasingly is to surface and educate. It is, also, to partner with the different lines of business to provide the right tools. CMO marketing technology spend can rival today CIO spend. Responding to this requires many IT organizations to shift to a broker mode or even make organizational change.\nRegardless of how technology is acquired, effective CIOs provide a needed technology governance function. The fact that CMOs spend as much on technology as CIOs is a key area needing governance. CIOs suggest importantly that not all software needs to be centralized or even be part of the enterprise architecture. There can be a purely local instance to meet specialized needs.\nCIOs say interestingly that CMOs typically don\u2019t want to manage technology spend\u2014they\u2019d prefer \u201coutsourcing\u201d this to CIO. For this reason, it is critical that IT leaders be able to work with their business counterparts. They need to know that just because they listen doesn\u2019t mean that the central organization is in the best positioned to provide a service. CIOs should listen with an ear to who is in the best position to meet a business requirement.\nIf IT is inflexible, a mismatch can occur for speed, quality, cost, or features tradeoffs. If a CMO needs a webpage up now, for example, it doesn\u2019t need two weeks of design, QC and approval. CIOs should be able to effectively fix it on the fly.\nIn sum, shadow IT should be leveraged as an \u201cIdeas Lab.\u201d It should be used to define the IT roadmap. IT, however, must highlight the governance model it provides to run these projects\/programs in a better, cheaper, and more secure way. IT should always coach, advertise and sell its strength in areas of policy, governance, security and vendor relations.\nWhat are the biggest negatives for shadow IT\nCIOs had a laundry list. Here is their top 6.\n\nDuplicated efforts.\nSiloed efforts\/no integration. CIOs liked to call this stranded data.\nMultiple sources of truth. In other words, multiple financial systems reporting different financial results. This can cost a fortune in audit fees as well as SOX violation remediation.\nEmployee experience. You want to avoid multiple access identity management environments and multiple systems to touch to service customers.\nIP being locked away in unknown silos. You do not want the CIO left figuring out IP on-the-fly.\nVulnerability outside of IT\u2019s purview or bypassing IT data security\/controls is scary for most CIOs. The lack of governance and cybersecurity controls around information contained in Shadow IT applications.\nLegal and security risks with non-mainstream applications. Some at the edge skip security and compliance by going it alone.\n\nClearly, business users want and need integration. Shadow IT poses a challenge with additional end points and applications not optimally configured or with appropriate integration or APIs. CIOs, for this reason, believe that having IT-created and enforced architecture, data management, security (including identity management) standards that apply across the organization including shadow IT. CIOs say this is key to keep the core business data truth in the central repository, customize it to purposes at the edge. Otherwise, IT is left with an archeological dig to \u201creverse-engineer\u201d intent. In conclusion, poorly managed shadow IT, can lead to confused customers, embarrassed team members, which in turn damages overall morale and even business.\nCan CIOs and Enterprise Architects ensure enterprise architecture supports Shadow IT?\nCIOs had different answers to this question. Some said that a CASB solution can be used to gain continuous visibility into shadow IT. With this, CIOs can collaborate, prioritize and potentially deploy\/integrate.\nCIOs to ensure that shadow IT is run correctly need to stop saying \u201cno\u201d all the time and start exploring ways to accomplish what the business needs. They need to ensure a flexible architecture is created that supports today\u2019s needs and change. CIOs, at the same time, say it is important to stop building proprietary, unmanageable applications.\nCIOs clearly need to review and remove unnecessary and no-value-add redundancy. At the same time, CIOs need to get out of the way of creativity at the edge. CIOs need to realize that there is a business champion and budget for innovation at the source of shadow IT funding.\nAt the same time, CIOs need to figure out what processes are preventing the business from achieving its goals. It might be a micromanager\u2014it is not always a tool or architecture. In general, enterprise architecture is seen as the cornerstone to mitigating any type of organizational risk. CIOs suggest that certainty in IT architectural standards is needed no matter who funds or does the work. Data and security architectures need to be baked in. There needs as well to be documenting business processes for shadow IT.\nIt is clear CIO have plenty to clean-up. One CIO suggested that CIO need to almost be the opposite of \u201ccost-cutting CIO.\u201d Technical debt takes work to \u201cshovel out.\u201d Clearly, there is no single answer, but building monitoring, delivery and management tools that can incorporate disparate systems is an effective way to gain visibility.\nClearly, CIOs can try to completely subsume control of shadow IT. Locus of control, however, isn\u2019t the overarching issue. It is important for incoming CIOs to understand and fix adversarial relationships. Shadow IT root cause can be an IT organization that is starved for budget. Given this, it important to remember the business has money to get things done.\nClearly, if the CIO and the rest of C-Suite see eye-to-eye, the details can always be worked out. Part of alleviate the amount of shadow IT involves putting in place self-service including a IT service catalog provided as a cloud management solution.\nDoes shadow IT change the service management equation?\nThe CIO and IT teams need to shift their mentality from building things to being service brokers. They need to work collaboratively to integrate shadow IT solutions that drive the business into the service catalog. CIOs suggest, however, there is a difference between a team adding a custom Excel macro and a team quietly installing 400 seats of Salesforce when the organization runs Oracle CRM\/ERP.\nMeanwhile, service management can only be as good as the relationship between IT and the business. In a healthy environment, you should automatically incorporate shadow IT under IT support. CIOs need to realize that people in general take the path of least resistance. If using Dropbox or Slack or whatever is easier, they will use it. The CIO shop needs to provide tools that are useful, usable, and get them used. CIOs should try to make non-shadow IT applications as the path of least resistance.\nToday, projects rarely fail due to technology or the budget, they usually fail because of the existing corporate culture, silos, bad processes, and simple lack of know-how. One CIO shared that they struggled when they were relatively new to lead the effort to integrate a large acquisition when they found that there were two competing shadow IT groups. But with this said for homegrown or highly customized systems, service management can become a nightmare especially as the organization incurs technical debt.\nHow should CIOs make shadow IT a net positive for the business?\nCIOs say that open APIs on the technology side can help, but there are still many risks with shadow IT. Having a culture of learning and governance on the business side helps. With it, better choices can be made. It is important for CIO to do the following:\n\nListen and not become defensive\nGet the history before taking any action\nAttempt to come to agreement before the rest of the C-Suite is engaged\nFind opportunities to provide direct support\n\nOne CIO remembered at this point a meeting with a VP of Marketing. Their pitch was our applications would make things easier for his group. The VPs of Marketing responded that the last time you guys said you had an eight-step process it became 14 steps. This of course was before this CIO\u2019s tenure. The CIO responded, \u201cgood point; what if we got it to six or seven steps?\u201d\nAnother approach that worked for on our CIOs is to find the shadow IT \u201cdevelopers\u201d and take them under IT\u2019s wings. This involves teaching them, working with them, getting them better tools, and listening to them. This includes helping them understand how the current architecture helps them meet their goals. CIOs believe it can help to put in place a community of practice, standards, knowledge management and more. For this reason, CIOs need to be coalition builders.\nAs part of this, CIO say that recent improvements including low-code\/no-code tools and associated data models make it easier to keep shadow IT aligned to enterprise architecture. If done right, PowerApps and the Common Data Model\/Data Stores are interesting for citizen developers and pros alike. Clearly, the implications of shadow IT need to be understood by all executives. Where there are problems, it should not just CIO\u2019s problem.\nParting remarks\nShadow IT is clearly both an opportunity and an obstacle for CIOs. Its impact depends upon the CIO. Do they use it to build bridges or do they instead use it to build walls? Clearly, governance matters and for this, CIOs need better alignment to CEOs and line of business leaders. It is largely in the CIO\u2019s hands.