How Low-Code Can Help Mitigate Shadow IT

Author: Marcelo Andrieu, Appian

Business applications have become a mainstay in just about every organization, of every size, in every industry and region. They help solve some of the toughest challenges organizations face by streamlining processes and providing increased efficiency and oversight. Historically, IT departments have been solely responsible for the provisioning of business applications. But with IT resources becoming more and more constrained, business leaders may face prohibitively long development timetables and slow rollout of the needed applications. 

What is shadow IT?

When business stakeholders think an IT solution will take too long to develop (or when they worry they won’t get an effective solution in the end), they work around IT and buy or implement their own solutions. This is called shadow IT. 

While this can solve their problems in the short term, it sets up much larger problems in the long run. The organization ends up acquiring a rag-tag collection of software and products, adding even more to the IT department’s plate when it comes to maintaining, repairing, or integrating these solutions into the greater IT landscape. And the problem of shadow IT is only accelerating. In a recent survey from The Economist Intelligence Unit, 55% of respondents said business units already do more than IT to procure or develop new applications. What’s more, 53% of business decision-makers believe the volume of applications built or sourced by non-IT business units, rather than the IT department, will increase over the next 12 months.

Shadow IT is a catalyst for technical debt. 

Shadow IT can cause messy issues in the long term, including fragmented systems with siloed data, security risks, and governance issues for the CIO. As departments stand up more and more solutions without IT’s involvement, they run the risk of incurring massive technical debt. Some accrual of tech debt is an inevitable part of running business processes with technology. But too much tech debt can eat away at IT resources and distract from innovation and more important projects. A 2020 McKinsey survey found that 10-20% of a typical tech budget ends up redirected to technical debt resolution. Furthermore, 60% of the CIOs surveyed reported that their technical debt has risen perceptibly in the previous three years.

Mitigating tech debt and its causes—especially shadow IT—is crucial for IT teams to be successful in the face of evolving business needs and increasing application demands. But if they’re still developing applications with traditional high-code approaches, IT departments will never be able to keep up. Low-code can help. 

Shadow IT and tech debt present organizations with ruinous vulnerabilities that could be avoided with proper planning and tech implementation. Low-code platforms are designed to prevent and solve 3 common challenges tied to shadow IT. 

Challenge 1: Speed of application development. 

IT teams face an enormous challenge to deliver and support more applications than ever before. Forbes reports that most organizations run more than 100 different applications, with some having as many as 1,000. For IT, this is leading to average backlogs of 3-12 months for planned projects, and that volume is only increasing.

Low-code can drastically improve speed to build. A 2021 Forrester report found that low-code platforms can improve app development speed by up to 17x. This improved speed grants something exceptionally rare in IT departments: time. Freeing up employee time means IT can get a leg up on its backlog. Suddenly, business requests are addressed quickly, removing the need to seek out external solutions. An IT department without a tremendous backlog can be an active partner to business teams that need applications.

Challenge 2: Security and compliance.

When shadow IT runs rampant, security and compliance become issues. Larry Ponemon, founder of technology research firm The Ponemon Institute, explains: “Many IT decisions are now distributed throughout the organization at the line-of-business level. From a security point of view, it’s a nightmare scenario.” 

Without IT’s expertise to help select, build, or integrate new technology, business teams can overlook risky security vulnerabilities or choose applications that may not meet regulatory standards. This is especially concerning in the modern climate of hybrid work—throughout the pandemic, Infosecurity Magazine reported that 98% of US-based organizations experienced at least one cyber event, meaning any digital occurrence that may result in unauthorized access to confidential data of some kind., Security risks and non-compliance can lead to hefty fines, loss of customer trust, and more.

The burden of rectifying these issues in a high-code environment is exceptional, especially if IT developers are forced to pore over lines of code to find small—but significant—vulnerabilities. It can feel like searching for a needle in a dozen haystacks. Sophisticated low-code platforms include built-in security features that automatically govern the applications running on them. This makes IT’s job easier, and it also means the security of your applications is always up to date.  

Challenge 3: Lack of collaboration between the business and IT. 

Shadow IT is really a symptom of a larger problem: a general lack of alignment between IT and business teams. When business stakeholders think an IT solution will take too long or worry they won’t get an effective solution in the end, they work around IT and buy their own solutions. It becomes a vicious cycle, where integrating software without IT oversight leads to an increasingly disconnected tech stack and even more technical debt for IT to manage, further slowing down operations—and on and on. Organizations also run the risk of having disorganized—or simply unavailable—data in their software. Ongoing optimization is made nearly impossible as IT teams must focus on mission-critical repairs rather than innovation. 

With low-code, the business and IT work together to define the application and iterate on feedback. Mapping out apps in a visual designer means business users can easily see how an app is coming together and provide feedback early and often. They can more effectively collaborate with the development team to increase the likelihood that the final app is exactly what they need. Plus, ongoing maintenance requests, application updates, and new customer demands can easily be communicated in a way that helps development teams rapidly adjust and implement. IT becomes a better, more trusted partner to the business, which helps further mitigate shadow IT in the long run.

Decoding the shadow IT problem.

It’s no surprise that shadow IT has become so ubiquitous. IT departments are perhaps one of the most burdened departments in any given organization, having to triage requests from each and every other department, while managing their own systems and maintaining just about every piece of software the business uses. An exclusively high-code environment exacerbates this further by allowing silos to form, spawning countless tedious maintenance tasks, and increasing the amount of time needed to build.

Low-code tools empower development teams to do much more, while spending significantly less time and money. With low-code’s accelerated development speed, requests won’t pile up as quickly, which means IT can even start chipping away at its backlog. Apps created using a low-code platform also carry a much smaller burden of ongoing maintenance and are far less susceptible to the risks of regulatory non-compliance or data breaches.

Businesses rely heavily on their IT teams, and must provide the right tools for IT to thrive in the face of increasingly weighty requests. With low-code tools as part of their arsenal, developers can take on more innovative work and vastly improve their development speed, while creating powerful apps that meet the demands of the  business.

Learn more about how low-code helps combat IT challenges in The Future of Enterprise Application Development. 

Posted: January 26, 2022

1 “IT’s Changing Mandate in the Age of Disruption,” The Economist Intelligence Unit (2021):

2 Vishal Dalal et al., “Tech Debt: Reclaiming Tech Equity” McKinsey (Oct. 2020):

3“Shadow IT: You Can’t Protect What You Can’t See” Forbes (Aug. 2019):

4“IT’s Changing Mandate in the Age of Disruption,” The Economist Intelligence Unit (2021):

5 “The Total Economic Impact of Appian” Forrester (June 2021):

6James Coker, “Almost All US Organizations Experienced a Cyber Event in the Last Year” infosecurity magazine (Oct. 2021):

7Law Insider, “Cyber Event Definition”,Sample%202

Marcelo Andrieu


Marcelo Andrieu has over 20 years experience in the software industry. He is currently the senior product marketing manager at Appian, a leader in low-code. Previously, he has overseen product management for Acronis and GroupLogic. 

Low-Code Guide

Low-Code development is the way to build apps more quickly by reducing the need to code.