Power Platform | That´s Shadow IT isn´t it?

This „low-code thing“, I should activate / buy and let anyone create stuff, right? Ending up in uncontrollable amount of software pieces, backfires on IT for my team to support bugfixing. Or even more, serving as data leakage tool that everyone uses, unless I…

…shut down this service and prevent Shadow IT.

CIO of company

I have to admint, this statement from a CIO I took from personal meeting notes is almost a year back, but since I recently came across Shadow IT again, it inspired me on writing this article and sharing some thoughts.

There´s no doubt, Shadow IT is still around and due to rapidly growing AI services, such as ChatGPT being able to come back with lines of code written for someone being completely new to software development, will even accelerate in the years to come. On the other hand, thinking about a „shut-down“ mentality might help in terms of avoiding or preventing it, is thinking in the wrong direction. In fact, I´ve seen people being blocked or „shut-down“ from services becoming even more motivated to start working around IT, finding solutions to their issue or their problem on their own. And in many times this ends-up in even stronger Shadow IT MAU, than being allowed to do Shadow IT in a controlled manner.

But before talking about the good and the bad things around Shadow IT, I reviewed my notes taken during the meeting where above statement was given. I wrote down:

• Do I need to push back immediately?
• Should I start explaining why this mindset would force even more Shadow IT?

Instead, I took a different approach, I started by clarifying of what possible motives them considering when adding low-code tools to the companies toolbelt – becoming part of their overall IT strategy. To inspire for this discussion I shared with them, companies typically following company-wide business goals and it could be helpful to think of them and asking yourself: What would be needed or required to fulfill on these goals from an IT scope perspective? The resulting list was narrowed down by myself and shared in the following visual with the audience to help recap our meeting results.

You can find the most frequently or top rated answers in the green honeycombs inside above visual. There might be more motives to include and your top rated or major ones may look different. In the end we should all agree on motives should drive overall or company-wide business goals. With that excercise we found answers to the WHY, and could throw in a Hypothesis here:

Given the why´s of investing into low-code tools and assuming we´re changing our best-practices for avoiding Shadow IT – Would we rather drive more or eliminate Shadow IT?

Our Hypothesis

That obviously resulted in some questions marks and to continue the flow of the discussion it needed some help to elaborate on Shadow IT itself. From my notes taken: Seems the audience is considering of me saying them doing something wrong. Or with a reference to Taylor Swift:

It’s me, hi, I’m the problem, it’s me

Taylor Swift – Anti hero lyrics

Back to the conversation we were having. To find proper definition of Shadow IT and what we all want to avoid running into, I asked the following question:

Can you name something negative you combine with the terminology „Shadow IT“?

Me asking the IT audience

The audience started thinking and shortly throwed in a couple of items, such as

• Avoid data leakage
• Control sharing of apps, bots or flows inside our company
• Becoming the support department for „Citizen Developers“ – fixing their apps, bots and flows
• Low-code is „for the kids only“. As professional developer, I am not going to use these tools
• …

The list we´ve been collecting could fill a good piece of two paper as you can imagine. But I didn´t stopped collecting the items with the audience. Looking at some of the items more closely I started asking another question:

Can you imagine anything good about Shadow IT?

Me asking the IT audience

Again, looking at some of the items noted down earlier, the audience started thinking about some more „pro´s“ to Shadow IT in general, such as being less IT backlog focused or many repetitive tasks should be done from a self-service enablement of everyone. For some of them it needed some more given examples, such as:

Imagine a user being in need of data from your legacy systems, them being aware of and using the Export to CSV option inside this software to come up with tons of Excel files them aggregating and storing on file shares to collaborate with colleagues. Would you rather rate this being a risky- or a beneficial part of Shadow IT?

Consider a business problem given, a user asks IT (submits a ticket, sends a teams message, sends an email, phones the IT department, etc.) for a problem solving software asset. Due to the lack of resources (time, effort, manpower, etc.) the item fills up the IT backlog. After 48hours of non-reply the user starts asking again, and again. The user finally being super frustrated around the problem meeting another person describing the business problem. That person immediately providing an answer of why not using a software X to solve the problem. This statement given being a risky or beneficial part of Shadow IT?

As a group we shortly figured out, there´s no one-size fits all. There´re risky parts of Shadow IT as well as beneficial parts of Shadow IT. The question though remains the same – how to avoid Shadow IT? So we needed another Hypothesis here:

What would be, if we combine the risky and beneficial parts of Shadow IT and for the sake call it out being the „Healthy or Good Shadow IT“ then?

Hypothesis on combining strengths and weaknesses to become opportunities instead

Questionmarks were to be taken from the facial expressions of the participants. Combining them and make it an opportunity? Yes, I said, why not making Shadow IT an opportunity for your IT strategy but obviously find solutions to avoid the risky parts of it. You may imagine how the meeting ended. Us considering Power Platform Governance and Guidance capabilities and imagine a world of a healthy Shadow IT, controlled, monitored and secured by IT Management. With works council approval included, where needed and self-service automation enabled to simplify IT departments life.

Here´s where your journey might get started now. Until then, …