Low-code and shadow IT

By See all articles from the author: Erik Lundegaard Hannisdal
25. August 2020

When IT departments are first introduced to low-code, a question we often get is whether this will lead to an increase in shadow IT. After decades of ‘user productivity’ tools, IT managers are nervous to introduce a new platform that they believe may lead to rogue applications outside of their control.

Our claim is that low-code is most likely the best way to battle shadow IT and to bridge the gap between business and IT. To understand why, we need to take a deeper look into what shadow IT is and where it comes from, and also understand why IT departments fear it so much.

What is shadow IT?

Broadly defined, shadow IT refers to any technology introduced into the organization to deliver applications that have not been sanctioned by a central IT department. This may for instance be individual business productivity tools (such as BI-tools, Access, or Excel spreadsheets), departmental spreadsheets, or even organization-wide solutions that have passed the radar of IT. These solutions are not necessarily just rudimentary spreadsheets or databases, but may also include enterprise grade SaaS solutions obtained without the formal inspection and control from IT.

Where does it come from?

As organizations grow and evolve, overly siloed organizations often result in communication and productivity disconnects between central IT and the rest of the organization. With a continuously growing complexity of systems, applications, networks and hardware, IT organizations soon become busy by just running day-to-day operations and ensuring that the systems in place are functioning properly.

From a business department perspective, this often result in a lack of proactive recommendations and support from IT. Perceived as a lack of capacity or willingness from IT to actively understand and support business-side challenges, ambitious employees and business departments soon try to find their own ways to move forward. When this is combined with long approval periods by IT of proposed solutions, and even counter-proposals with even longer implementation times, IT is soon cut out of the process when new solutions are considered.

The result is an increasing number of departmental or individual IT solutions that pass through the hands of IT and the CIO, but are soon expected (by the organization) to be considered a part of the IT portfolio.

Why are IT leaders so afraid of shadow IT?

When employees and business departments implement these solutions, they are not looking to offend central IT or threat the CIO. These solutions are often critical to optimize departmental operations or increase the effectiveness of individual employees. Further, the solutions by themselves are not necessarily bad, they may even be state-of-the-art in their category.

However, the introduction of such solutions often threatens an important mandate of central IT: to control the risks associated with technology in the organization. Without giving IT the opportunity to ensure compliance with sanctioned guidelines for e.g. documentation, reliability and security, the solutions represent unknown risks in an otherwise “controlled” environment. Risks may include loss of data, violation of laws and regulations (e.g. GDPR), and unauthorized access to sensitive company information.

Further, shadow IT solutions may introduce inconsistencies in business logic or business data. When solutions are implemented without collaboration with IT, business logic may be inconsistent with centrally consensual rules. Also, the data these solutions use may be extracted from other systems without thorough understanding of the underlying data models. In worst case, this may result in important business decisions being made on the wrong basis.

Finally, the continuing introduction of shadow IT may put fuel to the fire of the already fragile business-IT-relationship. Reduced trust between IT and the rest of the organization leads to an increasingly dysfunctional business environment, where central IT and business units have conflicting views on IT-related issues.

Low-code and shadow IT

The question is then: Are low-code platforms contributing to shadow IT? No, quite the opposite – a low-code platform sanctioned by central IT can be essential to mitigate shadow IT. The important premise is that the low-code platform must be governed and supported by the central IT department.

Through a thorough evaluation of low-code platforms, central IT should be able to find one that meets their requirements and expectations. This platform can then be used to more rapidly build solutions that meet business requirements alongside business users, bridging the gap and building a common understanding. Further, modern low-code platforms provide:

  • Modern integration options and APIs to become an integrated part of the IT architecture and get data the right way from the right systems and applications.
  • Advanced out-of-the-box security and authentication solutions. Applications built on the platform should easily be configured with the right level of security, and should provide the same authentication methods used in the rest of the organization.
  • Scalability, and the opportunity to extend the use from individual, to departmental, to organization-wide.
  • Options to have both development, test, and production environments with easy deployment between environments. Not all low-code platforms provide this, so make sure the platform you choose adheres to the guidelines of your organization.
  • Both on-premises and cloud options. While low-code platforms are often provided as cloud services, make sure that you are also able to deploy solutions on-premises. Some solutions may be better suited for your internal infrastructure.

Bridging the gap between business and IT

As we have mentioned in a previous blog post, the Business Engineers of your organization are an invaluable resource to get ahead in the digital race. Not only do they have a deep understanding of your business processes and business domain, they are eager to participate in developing solutions to your business problems. Most likely, they are already developing solutions with suboptimal “business productivity” tools such as Excel or Access. Modern low-code platforms represent an opportunity to tap into the creative forces of these employees. Further, these platforms create a foundation for alignment between the IT department and Business Engineers, and a common ground for IT to collaborate with- and mentor them.

Further, some low-code platforms can even enable Business Engineers to develop advanced, core business applications that are a part of the overall IT architecture: with enterprise-level security, API governance, scalability, and conformance to guidelines.

Low-code should not be perceived as a threat to central IT or an evil source of shadow IT. Most likely, it is the best solution to unite business and IT and eliminate rogue solutions in your organization. Rather than maintaining tight control from an ‘ivory tower’, the modern CIO embrace the IT organization as a ‘center of empowerment’ for the ambitions of the organization.

To learn more about how your IT organization can release the potential of Business Engineers in your organization, feel free to contact us.

Related blog posts
The rise of the Business Engineer
17.08.20

Low-code platforms enable a new group of talent to participate in application development projects: the Business Engineers! But who are these people?

Read more
The key to low-code success
12.08.20

One of the most crucial elements in order to successfully integrate low-code as a part of your IT strategy is to get started with cross functional teams

Read more
Erik Lundegaard Hannisdal avatar image
Erik Lundegaard Hannisdal

Erik Lundegaard Hannisdal is Head of Sales at Genus. He is constantly striving to help companies realize the value of low-code and expand the low-code community.