Reshuffling The Shadow IT Cabinet

By Aidan Dunphy, Chief Product Officer, Esuasive

Please excuse the pun in the title of this piece, which may well refer to a different shadow cabinet by time of publication… The term “Shadow IT” has been around for a couple of decades. It’s an interesting concept, usually seen as a problem by IT teams, but perhaps worthy of closer examination.

In my recent Housing Technology article D.I. Why? I pointed out that every organisation has perceived needs that can’t be met by packaged solutions. There are also occasions when the organisation doesn’t know that the package could be a solution, or has chosen not to use it for other reasons - cost, prioritisation etc. These needs may go unanswered, perhaps denied by IT, or a custom solution may be sought. If the custom solution is developed without the knowledge of or permission from IT, then it’s deemed Shadow IT.


There’s a common view amongst people working in (especially large) organisations that the tech they have to use at work is awful. Slow, difficult to use, visually unappealing, poorly specified, overly complicated. Even when your IT team has been repositioned as a “digital, data and technology service provider”, inevitably they have to lay down the law regarding what’s legal, safe and strategic. The limited choice of sector-specific applications and the team’s limited capacity to respond to business needs often results in an unflattering comparison between the tech that people use at home, and the clunky old corporate stuff they have to use at work. And like any body of authority in lean times, the IT team starts to look like the enemy of responsiveness and progress.

The somewhat rude subtitle of this section neatly describes an attitude that can arise amongst colleagues. If they come to think that they can’t do their job effectively using the tools given, then they can rebel and choose their own tools. The ubiquity of low-cost SaaS products, mobile apps and now AI-driven products presents a tempting array of world-class point solutions, many of them available for free, that can get a job done much more quickly than by following the authorised route. What’s not to like?

The Phantom Menace

The problem is that these tools, particularly when used in this way, are often not designed with corporate needs in mind. They present huge risk to the organisation, in a number of ways:

When signing up to any software tool, you always have to accept their terms and conditions. Of course, nobody reads these; a 2008 study by researchers from Carnegie Mellon University[1] found that to read all the Ts & Cs one is presented with would take 72 years. It’s safe to say your colleagues are routinely signing contracts with suppliers unknown, terms unknown.

Your colleagues are probably uploading private data belonging to employees, customers or suppliers to servers owned by third parties. Under GDPR these become data processors, and without permission this is a breach.

Most SaaS products are hosted outside of the UK. This means that corporate data, and probably your customer’s data, is being uploaded to servers outside the jurisdiction of the UK’s privacy laws.

The products being used are behaving in ways unknown to the people in the organisation responsible for process, security and safety. They could be altering your data or performance in damaging ways without detection.


[1] McDonald, A. M., & Cranor, L. F. (2008). The cost of reading privacy policies. I/S: A Journal of Law and Policy for the Information Society, 4(3), 543-568.

BYOAI is not just for Gen Z

The most concerning development in this space is a term I heard just recently: BYOAI. A report last month by Microsoft and LinkedIn states that 78% of employees are using AI tools not provided by their employer, and it’s across all company sizes and generations.

Survey question: Are the generative artificial intelligence (AI) tools you use at work provided by your organisation?

A New Hope

All is not lost. To bring balance to the situation, we need to find a way to make the computer say “Yes” to non-standard but legitimate requirements without recourse to secret or unsafe means. This is the raison d'ȇtre of low-code platforms, to bridge the gap between professionally-produced solutions and specific organisational needs, quickly and and at low risk.

Microsoft is the technology platform vendor of choice for most Housing Providers, and their focus is organisational productivity in a secure cloud environment. Their Power Platform, and in particular Power Apps enables you to rapidly develop custom applications. These are natively integrated into the Microsoft Dataverse, the backbone of the Power Platform. Microsoft isn’t the cheapest technology vendor out there, but the value for money and time-to-value offered by Power Apps are very compelling compared to the cost of custom software development, or indeed competing ERP development platforms (e.g. SAP).

Crucially, Microsoft is also at the forefront of development in the burgeoning AI market. Their Power Virtual Agents precedes the release of ChatGPT by several years, and they were quick to forge a strategic partnership with OpenAI, undoubtedly the leader of the pack in the GenAI space. Microsoft’s launch of Copilots was an early move to commercialise and integrate GenAI assistant technology into their platform, and in my view it’s an astute strategic move. Interestingly, they recently - quietly - announced the retirement of the GPT Builder utility[1], which enables you to build your own customised version of GPT for specific tasks. This seemingly retrograde move signals Microsoft’s vision for GenAI as it develops - my take is that they regard GPT Builder as an example of the ‘Wild West’ character of GenAI to date, and unfit for enterprise environments going forward.



Your focus determines your reality

Whilst Power Apps greatly speeds the creation of apps and reduces technical risk, it’s not entirely without risk. Any technical development represents a ‘bet’ of sorts, an investment of time and energy from the people creating the app, those using it and those later supporting it. Also, being able to build something more easily in no way guarantees that you’re building the right thing.

It does, however, offer you the opportunity to validate what you’re building more quickly, and to course-correct (or abort) if necessary. This is where the real power of low-code lies; it’s not about producing more stuff per pound spent, it’s about producing it more quickly so that you can deploy and check more quickly. You’re better off making an app and then revising it three times than making four apps that don’t deliver sufficient value. When it comes to product development (which is what this is, make no mistake), less is more!

This is why at Esuasive, we provide a comprehensive suite of ready-made components to shorten time-to-value and reduce risk, and advocate our True Agile approach to low-code development: outcomes-focussed, short delivery-validation cycles, measurable success criteria. Working this way enables you to quickly close the gaps between what the business needs, and what is provided by your packaged product vendors, thus removing the temptation to your colleagues to build their own gap-fillers.


An insight into Esuasive

Extending the golden thread – maintaining the financial profile of assets in real-time


Embracing agility to ensure success in business change projects


This website uses cookies to ensure you get the best experience on our website. Please let us know your preferences.

Please read our Cookie policy.