In today's fast-paced digital world, businesses use many software applications to run their operations, innovate, and grow. These collections of software, known as tech stacks, are crucial for modern companies. But, not all these tools are approved by IT departments. Many employees and teams use more tools on their own, creating what's known as "shadow IT."
This practice is common in fields like marketing technology (Martech) and beyond, and it comes with both benefits and drawbacks. In this article, we'll explore the visible and invisible parts of tech stacks, discuss the pros and cons of shadow IT, and offer tips on how businesses can manage this complex issue.
The Tech Stacks Landscape
A SaaS management platform revealed that even after a year of budget cuts, the average small to medium-sized business (SMB) with 500 or fewer employees still uses 162 SaaS apps. Mid-market companies with 500 to 2,500 employees have 245 apps, and large enterprises use 650 apps.
This is no longer surprising, right?
Oh, and by the way, those numbers don’t include:
Any custom apps the company has built, including those made with low-code or no-code platforms.
Any apps used by employees without being expensed. Mobile apps, such as social media, learning tools, personal productivity, and creative tools, are the most common examples.
Any apps used by freelancers or hired services firms, like agencies or consultancies, While these might not be considered part of your tech stack, their work often interacts with your systems, even if through manual processes.
There are a large number of free or freemium websites that employees use but aren’t thought of as “apps,” despite providing data or functionality crucial for your business. For instance, do you consider Google Search an app? It's probably not, but it’s one of the most sophisticated pieces of software on the planet, and your employees rely on it daily.
In essence, software is everywhere. It’s challenging to get an accurate count of all the apps a company uses because the further an app is from central IT's "managed" area, the less visibility there is.
This blurry area is where shadow IT exists. Yet, the boundary of visible IT has been expanding. Any app not managed by IT was considered shadow IT. Now, department-owned apps have moved from the shadows into the spotlight, making up the largest percentage (48%) of managed apps in tech stacks and accounting for the majority (69%) of the spend.
In contrast, IT-owned apps only account for 17% of apps in stacks and 28% of the spend.
Read more: 2024 MarTech Landscape Infographic
Who is the shadow?
Zylo, the source of the data I'm using, defines shadow IT as apps that individual employees expense, either for themselves or their teams, that fall outside the official procurement and governance process.
It's fascinating that this redefined shadow IT makes up 35% of the number of apps in tech stacks, yet only 3% of the spend. This means there are a lot of small apps.
The common belief is that shadow IT is bad, like trans fats. The three main reasons are:
It may be wasted spending, duplicating existing IT-approved licenses.
It may be ungoverned by IT, presenting security and compliance risks.
It may be disconnected from the main tech stack, creating data and process silos.
These are all valid concerns. Yet, the first issue seems less severe when we realize it’s 3% of the total. The second and third issues are harder to measure, but this works both ways: the costs of these issues could be small or large and may become clear over time or during a rare "Black Swan" event.
But we should also consider the other side. Why do people buy Shadow IT? Is it just to rebel against the system? With a SaaS subscription? It was not exactly a heroic act.
Evaluating the benefits of shadow IT
Individuals and teams often adopt SaaS products outside their company’s official tech stacks to perform better in their jobs.
Is this shadow IT or product-led growth (PLG)? Sometimes the official apps don’t meet their needs—they may be too hard to use, lack necessary features, deliver poor outputs, take too long, cost too much, or lack enough training.
While I don't have hard data, my experience and feedback from others show that using these outside apps boosts creativity, innovation, and productivity. It helps get things done and pushes the company’s processes and capabilities forward, preventing stagnation in talent and technology.
This doesn't cut the downsides, but it presents a significant trade-off. There's both reward and risk for individuals and the company, balancing on the scales of shadow IT.
One reason shadow IT is popular is that many SaaS companies offer free, freemium, or low-cost options to individuals and teams. These products prove their value on the ground and then scale up to become adopted across the enterprise. This "bottoms-up" product-led growth (PLG) strategy is effective.
Other article: The Turning Point: Martech Systems Vs. Martech UX Complexity
PLG apps benefit by delivering value. They focus on:
Building for openness and integration with existing workflows.
Creating products that make users happy and successful.
Delivering instant value before monetizing.
This approach appeals to users since big legacy enterprise platforms often haven’t prioritized user happiness and success. Now, due to competitive pressure from PLG apps, this is changing.
A major benefit of PLG apps is better utilization. People use the apps they like and resist those they don't. When individuals or teams pay for their own licenses, the buyers and users are the same, leading to more efficient use.
With usage-based pricing, PLG products align expense with utilization: you pay for what you use, and you use what provides value.
Redefining IT to eliminate shadow IT
Despite the benefits, shadow IT has downsides like compliance, security, and data silos. How can we mitigate these without losing the benefits?
Reducing Shadow IT in Martech and Beyond
I believe it’s possible.
Step 1: Separate Technical and Financial Approval
We've already done this at the departmental level. Marketing covers the cost of their platforms, which go through IT for security and compliance checks. Apply this model to individuals and teams: any app they want to use should undergo a security review, but they decide whether to pay for it based on their budget and justification. Small expenses should be scrutinized by those using the app, not by a distant department.
Step 2: Increase Security Reviews
Yes, this means more security reviews, but it doesn’t have to be all or nothing. Create a larger menu of approved apps. It doesn’t need to include every app, but more than just one per category. Teams could even "pay" to submit a new app for review.
Step 3: Use SaaS management platforms.
SaaS management platforms, like Zylo, could offer vetting-as-a-service for popular apps, streamlining the review process for IT teams.
Learn more: Did MarTech Disrupt B2B Marketing?
Step 4: Create a Sandbox for New Apps
Allow users to experiment with free or premium apps in a controlled environment. This helps determine if an app is worth a full review without compromising security. Users experiment with apps in the shadows. Providing a structured framework for experimentation makes this process visible and manageable for IT.
Balancing visible and invisible tech stacks like Shadow IT is crucial in MarTech. While shadow IT fosters innovation and agility, it also poses risks to security and compliance. Organizations should embrace its benefits through open communication, robust governance, and clear policies, ensuring that both visible and invisible tech elements work together.