Managing Shadow IT: Policies That Work Without Stifling Innovation.

Sanjay K Mohindroo

Learn how to manage shadow IT with policies that promote innovation while protecting your enterprise. Insightful, strategic, and forward-thinking.

In every boardroom today, digital transformation is no longer a buzzword — it's a mandate. Yet, as organisations chase agility, a quiet rebellion simmers beneath the surface: Shadow IT. It's not an IT failure. It's a signal. A signal that employees are hungry for faster tools, smarter workflows, and fewer roadblocks.

I’ve spent two decades navigating the tug-of-war between enterprise control and bottom-up innovation. And what I’ve learned is this: Shadow IT isn’t the enemy. Poor governance is. The challenge is not to shut shadow IT down, but to manage it with policies that enable curiosity without inviting chaos.

This post is not a rigid rulebook. It’s a conversation with forward-looking leaders who are reimagining IT operating models, evolving CIO priorities, and building trust with digital-native teams.

Let’s explore how to manage Shadow IT without killing the spirit of innovation that fuels your future.

Shadow IT Is a Boardroom Issue

When finance teams bypass IT to adopt new SaaS tools, or when product leads sign up for third-party APIs without procurement, it's not just a tech concern. It's a risk to data privacy, compliance, and operational resilience.

Shadow IT directly impacts:

· Cybersecurity posture: Unknown apps = unknown vulnerabilities.

· Regulatory exposure: Breaches and non-compliance trigger reputational and financial penalties.

· Duplication of costs: Redundant software leads to waste.

· Decision-making opacity: Disconnected systems cloud your data.

For board-level stakeholders, this isn't about software. It's about trust, risk, and visibility. As digital transformation leaders, we must enable innovation while protecting the integrity of enterprise systems.

Current Trends & Data: A Crisis of Control Meets a Surge of Creativity

According to Gartner, by 2027, 75% of employees will acquire, modify or create technology outside IT’s visibility — up from 41% in 2022. That’s not a warning. That’s a wake-up call.

Here’s what’s driving this:

· Explosion of SaaS: Teams can now deploy powerful apps in minutes.

· Hybrid and remote work: Employees self-service their tech needs.

· Agile delivery models: Faster iterations, fewer gatekeepers.

· Low-code/no-code tools: Anyone can build an app.

But with creativity comes complexity. Cisco's 2023 Security Benchmark Report found that over 43% of data breaches in the past year could be linked to unsanctioned applications or services.

This is not just about policing tools. It's about understanding why your people feel the need to go around IT in the first place.

Leadership Lessons From the Frontlines

Over the years, I’ve worked with enterprises where shadow IT was rampant and others where it barely existed. The difference? Culture and communication. Here are three lessons that changed how I lead:

1. Curiosity beats crackdown.

Early in my career, I led a crackdown on unapproved cloud storage apps. We blocked them. The next day, they were back under new URLs. What we learned was simple: people didn’t want to break rules; they just wanted to share files easily. So we shifted from blockers to conversations. We asked: What are you trying to do? Can we help you do it securely?

2. Shadow IT often signals unmet needs.

A marketing team in one company I worked with had adopted its own CRM. It wasn’t a rebellion. It was survival. The enterprise CRM was too slow, too complex. We didn’t shut them down. We co-created a custom integration that met their goals and passed IT review.

3. Empowerment builds alignment.

At a major auto company, we launched an internal "Innovation Portal" where any team could propose, trial, and scale digital tools with IT's support. Shadow IT didn’t vanish. But it moved into the light. And with that came a 30% improvement in digital project alignment.

A Practical Framework: SHAPE Innovation Without Losing Control

Here’s a simple framework I use with boards and CIOs to manage Shadow IT:

S – Survey

Map what’s happening outside official channels. Use discovery tools to identify unapproved apps.

H – Hear

Talk to teams. Understand the intent behind tool adoption. Are they solving for speed, features, or flexibility?

A – Approve Fast

Create a fast-lane approval process for non-critical tools. Offer light governance for low-risk innovation.

P – Partner

Set up embedded IT liaisons in high-innovation departments. Become co-creators, not compliance cops.

E – Educate

Run awareness sessions on data risks, compliance issues, and secure procurement practices.

This model isn’t just a process. It’s a philosophy. It reframes IT from gatekeeper to guide.

Case in Point: A Global Bank's Shadow IT Turnaround

A Fortune 100 bank discovered 600+ unauthorised apps in use. The instinct was to shut it all down. But their CDO saw an opportunity. Instead of enforcing controls from the top, the bank:

· Created a "Digital Sandbox" for teams to trial tools with IT oversight.

· Introduced tiered risk profiling. Low-risk tools got automatic approval within days.

· Set up a cross-functional Innovation Council.

The result? In 18 months, unauthorised app usage dropped by 55%. Employee satisfaction with digital tools rose by 40%. And the board saw lower risk and higher agility.
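As an added example (not part of the original post), here is how the Survey step of the SHAPE framework and the tiered risk profiling from the bank case above could be applied to a constructed proxy log: aggregate traffic per destination host, set aside sanctioned hosts, and route the rest either to a fast-lane approval or to a review queue. The sanctioned inventory, host categories and log format are assumptions made for the illustration.

```python
import re
from collections import defaultdict

# Constructed proxy log lines for illustration (not from the post).
# Format: timestamp user destination_host bytes_out
SAMPLE_PROXY_LOG = """\
2025-03-01T09:01:02Z alice crm.example-saas.com 4096
2025-03-01T09:02:10Z bob files.quickshare.example 1048576
2025-03-01T09:03:44Z carol crm.example-saas.com 2048
2025-03-01T09:05:00Z dave files.quickshare.example 524288
2025-03-01T09:06:30Z erin notes.tinyapp.example 512
2025-03-01T09:07:12Z alice api.enterprise-erp.example 8192
"""

# Hypothetical sanctioned inventory (host -> app) and app categories.
SANCTIONED = {"crm.example-saas.com": "Enterprise CRM",
              "api.enterprise-erp.example": "ERP"}
CATEGORY_BY_HOST = {"files.quickshare.example": "file-sharing",
                    "notes.tinyapp.example": "note-taking"}
# Categories that can move enterprise data out are never auto-approved.
HIGH_RISK_CATEGORIES = {"file-sharing", "code-hosting", "data-export"}

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\d+)$")


def survey(log_text):
    """S - Survey: aggregate distinct users and bytes sent per destination host."""
    stats = defaultdict(lambda: {"users": set(), "bytes_out": 0})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:          # skip malformed lines rather than abort the sweep
            continue
        _, user, host, nbytes = m.groups()
        stats[host]["users"].add(user)
        stats[host]["bytes_out"] += int(nbytes)
    return stats


def triage(stats):
    """Tiered risk profiling: route each unsanctioned host to fast-lane or review."""
    findings = {}
    for host, s in stats.items():
        if host in SANCTIONED:
            continue
        category = CATEGORY_BY_HOST.get(host, "unknown")
        # Unknown or data-moving categories need a human review; the rest go fast-lane.
        lane = "review" if category in HIGH_RISK_CATEGORIES or category == "unknown" else "fast-lane"
        findings[host] = {"category": category, "lane": lane,
                          "users": len(s["users"]), "bytes_out": s["bytes_out"]}
    return findings
```

The user count and outbound volume per host are what a liaison would bring to the Hear conversation: who is using the tool and how much data already flows to it.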

This is what modern IT leadership looks like.

A Call to Action for CIOs and Boards

Shadow IT isn’t going away. But neither is your need for security, compliance, and visibility.

As IT operating models evolve, we must shift from controlling technology to orchestrating it. The goal isn’t to own every tool. It’s to create a culture where innovation thrives safely, transparently, and at scale.

Here’s what I believe:

· Digital transformation leadership requires empathy, not edicts.

· Emerging technology strategy must leave room for user-led discovery.

· CIO priorities must include business enablement, not just control.

· Data-driven decision-making in IT requires visibility into all sources — even those that are unsanctioned.

If you’re a senior leader reading this, I invite you to share your experiences. How are you managing the tension between freedom and governance in your organisation?

Let’s build policies that serve both sides of the innovation equation.

© Sanjay K Mohindroo 2025