Please excuse the pun in the title of this piece, which may well refer to a different shadow cabinet by time of publication… The term ‘shadow IT’ has been around for a couple of decades – it’s an interesting concept, usually seen as a problem by IT teams, but perhaps worthy of closer examination.
In my recent Housing Technology article ‘D.I. Why?’ (May 2024 edition), I pointed out that every organisation has perceived needs that can’t be met by packaged solutions. There are also occasions when the organisation doesn’t know that the package could be a solution or has chosen not to use it for other reasons, such as cost and priority. These needs might go unanswered, perhaps denied by IT, or a custom solution might be sought. If the custom solution is developed without the knowledge of or permission from IT, then it’s deemed to be ‘shadow IT’.
F.U.I.T.
There’s a common view among people working in (especially large) organisations that the technology they have to use at work is awful; slow, difficult to use, visually unappealing, poorly specified and overly complicated.
Even when your IT team has been repositioned as a ‘digital, data and technology service provider’, inevitably they have to lay down the law regarding what’s legal, safe and strategic. The limited choice of sector-specific applications and the team’s limited capacity to respond to business needs often results in unflattering comparisons between the technology that people use at home and the clunky old corporate stuff they have to use at work. And like any body of authority in lean times, the IT team starts to look like the enemy of responsiveness and progress.
The somewhat-rude subtitle of this section neatly describes an attitude that can arise among colleagues. If they come to think that they can’t do their job effectively using the tools given, then they can rebel and choose their own tools. The ubiquity of low-cost SaaS products, mobile apps and now AI-driven products presents a tempting array of world-class ‘point’ solutions (many available free of charge) which can get a job done much faster than by following the authorised route. What’s not to like?
The phantom menace
The problem is that these tools, particularly when used in this way, are often not designed with corporate needs in mind. They present a huge risk to the organisation, in a number of ways:
- When signing up to any software tool, you always have to accept their terms and conditions. Of course, nobody reads these (a 2008 study from Carnegie Mellon University found that to read all the T&Cs one is presented with would take 72 years), so it’s safe to say that your colleagues are routinely signing contracts with suppliers unknown, terms unknown.
- Your colleagues are probably uploading private data belonging to employees, customers or suppliers to servers owned by third parties. Under GDPR, these become data processors, and without permission this is a breach.
- Most SaaS products are hosted outside the UK. This means that corporate data, and probably your customers’ data, is being uploaded to servers outside the jurisdiction of the UK’s privacy laws.
- The products being used are behaving in ways unknown to the people in the organisation responsible for process, security and safety. They could be altering your data or performance in damaging ways without detection.
The most concerning development in this space is a term I heard only recently: BYOAI (bring your own AI). A report last month by Microsoft and LinkedIn found that 78 per cent of employees are using AI tools not provided by their employer.
A new hope
All is not lost. To bring balance to the situation, we need to find a way to make the computer say “yes” to non-standard but legitimate requirements without recourse to secret or unsafe means. This is the whole point of low/no-code platforms; to bridge the gap between professionally-produced solutions and specific organisational needs, quickly and at low risk.
Microsoft is the technology platform vendor of choice for most housing providers, and its focus is organisational productivity in a secure cloud environment. Microsoft’s Power Platform, and in particular Power Apps, enables you to rapidly develop custom applications. These are natively integrated into the Microsoft Dataverse, the backbone of the Power Platform. Microsoft isn’t the cheapest technology vendor, but the value for money and time to value offered by Power Apps are very compelling compared with the cost of custom software development or indeed competing ERP development platforms (e.g. SAP).
Crucially, Microsoft is also at the forefront of development in the burgeoning AI market. Its Power Virtual Agents precede the release of ChatGPT by several years, and Microsoft was quick to forge a strategic partnership with OpenAI, undoubtedly the leader of the pack in the GenAI space.
Microsoft’s launch of Copilots was an early move to commercialise and integrate GenAI assistant technology into its platform, and in my view it was an astute strategic move. Interestingly, it recently (and quietly) announced the retirement of Microsoft’s GPT Builder utility, which enables you to build your own customised version of GPT for specific tasks. This seemingly-retrograde move signals Microsoft’s vision for GenAI as it develops; my understanding of it is that Microsoft regards GPT Builder as an example of the ‘Wild West’ character of GenAI to date and therefore unfit for enterprise environments going forward.
Your focus determines your reality
While Power Apps greatly speeds up the creation of apps and reduces technical risk, it’s not entirely without risk. Any technical development represents a ‘bet’ of sorts; an investment of time and energy from the people creating the app, those using it and those later supporting it. Also, being able to build something more easily in no way guarantees that you’re building the right thing.
However, it does offer you the opportunity to validate what you’re building faster and to course-correct (or abort) if necessary. This is where the real power of low-code lies; it’s not about producing more stuff per pound spent, it’s about producing it faster so that you can deploy and check quicker.
You’re better off making an app and then revising it three times than making four apps that don’t deliver sufficient value. When it comes to product development (which is what this is, make no mistake), less is more!
This is why at Esuasive, we provide a comprehensive suite of ready-made components to shorten time-to-value and reduce risk, and advocate our ‘true agile’ approach to low-code development; outcomes-focused, short delivery-validation cycles and measurable success criteria.
Working this way enables you to quickly square the often-competing demands around what the business needs, strategic IT necessities such as cyber security, device management and information governance, and what is provided by your packaged product vendors, thus removing the temptation for your colleagues to build their own gap-fillers.
Aidan Dunphy is the chief product officer at Esuasive.
