July 30, 2025 • 20 mins
Shadow IT: The Secret Weapon – Top 10 Ways Business Analysts Can Use It For Good
Think Shadow IT is just a security risk? Think again. In this week’s episode of The Better Business Analyst, I’m breaking down the Top 10 ways Shadow IT can actually help you become a better BA and drive smarter business change.
We’ll cover:
Spotting Shadow IT – What it is and where to find it
Understanding Why It Happens – The hidden gaps it exposes
Balancing Risk and Reward – The real dangers (and hidden upsides)
Innovation in Disguise – How unofficial tools spark new ideas
Pain Point Radar – Why Shadow IT is your best early warning system
Mapping the Underground – Surfacing and tracking shadow tools safely
Building Trust – Turning “gotchas” into open conversations
From Hack to Prototype – Turning grassroots solutions into real value
Triaging What to Keep, Kill, or Scale – Practical decision-making tips
Citizen Development – The rise of low-code and how BAs can lead the way
Tune in for stories, practical examples, and the honest, no-fluff take on how to turn those rogue spreadsheets and apps into your secret weapon for business improvement.
Ready to see Shadow IT in a whole new light? Listen now.
Mark as Played
Transcript
Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
(00:00):
This topic most IT leaders and business analysts tend to view
as a problem, but it's actually a massive untapped opportunity
we're talking about. Shadow IT.
Those unofficial apps, spreadsheets, and tools your
(00:23):
colleagues are using under the radar.
Is it a risk? Sure, but for a switched on BA,
it's also a treasure map to painpoints, workarounds, and
innovations happening in your organization right now.
The Better Business Analysis Institute presence, the Better
(00:45):
Business Analysis Podcast with Kingsman Walsh Welcome back to
the Better Business Analysis podcast with your host Benjamin
Walsh. And before we dive into shadow
ITI wanted to let my dedicated listeners know that at the
(01:08):
Better Business Analysis Institute we are changing things
up. To be straight up, I need a
pivot. We are not getting people
signing up for a certified business analysis course if we
don't do it in person. So what we're going to do is
we're going to take all that great content.
There's so much content on there, and we're going to
reorganize it into ABA monthly membership.
(01:33):
And what I would like you to do is there's a question on the
Spotify version of this podcast,and I want to know whether or
not you're interested in that ornot.
It's no obligation. It just tells us whether or not
you'd be interested in a paid subscription that would give you
access to all our training videos, coaching chat, and a
(01:57):
whole lot of other member only content.
If that's something you're interested in, then please just
let me know. Right, onto our topic.
Today we are talking about Shadow IT.
We are moving beyond the usual risk warnings and diving into
how we can use Shadow IT to drive smarter change, discover
(02:22):
real needs and even turn grassroots X into business
value, which I've seen a number of times of light.
So if you think of vibe coding at the moment, think of some of
the automation tools, you think of some of the smaller apps that
say HR just loads up or marking loads up my HubSpot.
The reality is this is what's happened in response to a very,
(02:45):
I, I guess either one IT which is driving its own road map of
business need, which happens a lot or just it's really hard to
get things done or limited budget and OpEx IT spend which
is decentralized. So we're going to drop into 10
top tips for dealing with ShadowIT as ABA.
(03:09):
And the first point is what is shadow IT really?
It's any tick apps, databases, spreadsheets.
We used to say spreadsheets in abad way.
Like spreadsheets and Access databases, it concludes
workflows that people use without official IT approval.
(03:32):
An example, as a sales team build their own CRM in Airtable
because the official system is too slow, it's been customized
too much. Don't start with fear, Shadow.
IT exists because people want toget work done.
They've got jobs to be done, andso they go and find a solution
(03:54):
to solve that problem. Now shadow IT isn't always
intentional rule breaking. Often it's just people trying to
get the work done faster. It's not limited to IT heavy
organisations. Every workplace has some version
of this, from shared Google Docsto WhatsApp groups.
(04:18):
And I guess what you need to think about is what shadow tools
are people quietly using in yourbusiness?
Shadow. It is a signal, it's not just a
symptom. And we'll get on to that in a
minute #2 is why Shadow IT happens and why that's a clue.
(04:46):
Shadow IT thrives where organizations and official tools
are slow, unresponsive, or simply miss the mark.
People take shortcuts when the system quote UN quote isn't user
friendly or doesn't address a key pain point.
I can't do all my things or I want an appified version of the
(05:09):
world. And what I mean by that is a lot
of people like to complete a number of set tasks in one
application. And that was developed into the
concept of an app which you now have on your phones.
And in the desktop version of, well, we don't, we have apps
now, but we used to just have executables that did one
(05:31):
distinct feature or function. And now people wanted these kind
of apps. And these enterprise tools have
had to create sub apps to run onyour phone.
So you can use them like they'recalled web apps or, you know,
just native apps that run on your phone and they are a little
bit of the whole system and people like that experience.
(05:54):
There's an example where a team might be using their personal
Slack group to collaborate because the company's messaging
system is locked down and cumbersome.
So a lot of people are worried about Microsoft Teams monitoring
their chats. So they use WhatsApp or they use
a Slack channel and then they can moan about their manager.
Happens everywhere. When you find shadow IT, ask
(06:16):
what problem are they actually solving that's not being
addressed? OK, what is this trying to
solve? Is it like a unofficial office
chatter? Maybe that can be done within
the application, but it's totally locked down and people
know that that information is not going to be reviewed.
(06:36):
Sometimes it highlights a disconnect between policy and
reality. IT thinks the tools fit for
purpose. User disagrees.
Shadow IIT often appears first in high pressure areas where
delays cost money or reputation and they just can't wait a year
to get approval. Now we'll get to some of the
(07:00):
points around the fact that thisis not always a good thing and
that, you know, just because someone wants something, it
doesn't mean that they should beallowed to have it.
But IT isn't the gatekeeper. The tip is to use shadow it as
your early warning system and look for the root cause using
the five whys #3 the risks. But don't stop there.
(07:26):
The standard narrative is risk. OK data links, non compliance,
lack of support. But stopping at risk means
missing the value and intent behind shadow it.
So simply it usually takes not been involved.
We're just getting rid of any Access database.
It's just not secure. We'll stop allowing you to send
(07:49):
files over e-mail or Excel files.
Column one. An example might be sensitive
client data is shared on an unapproved Google Drive.
No version control, no order trail happens often.
Shadow IT can also lead to duplicate if it data silos and
(08:13):
breakdowns and reporting. That's a big one.
When you think about data being saved in an Excel spreadsheet,
which happens all over the worldand every organization.
You've probably got one on your computer right now that's not
saved to a shared drive that isn't connected to the
enterprise reporting tool, whichmeans you've got some key data
in there and you can't report onit.
(08:33):
This is a problem for data and analytics.
But if you just decide to clamp down on shadow IT, users will
just find sneakier workarounds that you don't know about.
Or worse, they'll put it on their personal computers.
Mitigating risk is essential, but understanding why the risk
(08:55):
emerged is just as important. Always follow up a risk
conversation with a needs conversation.
So we know she did this, and you're really going to stop
doing that. But let's send the BA in and
let's have a conversation about what you really need and how we
can do it without putting our client data at risk #4 shadow IT
(09:22):
as a source of innovation. OK, this is the good bits.
Many shadow tools are actually cleverer hacks or genuine
process innovations, essentiallygrass root R&D.
A customer support team could use Zapier or make.com to
automate ticket allocation, making response times the 30%
(09:46):
faster. That's awesome, but Zapier is
not an approved app shadow. IT often emerge from power users
or natural entrepreneurs inside the organization that sometimes
become BAS and can be a low costway to troll new approaches
before a big IT spend. So we just tried it when you
(10:07):
say, oh, we just did a proof of concept in the business IT you
see them melt like a witch who'shad water thrown at them.
But these grass roots innovations sometimes become the
blueprint for official systems. If you're paying attention, you
need to give credit where it's due surface and celebrate smart
(10:29):
solutions even sound official oreven better.
My top tip here would be to havea, a log of these systems that
are unofficial, a little monitoring, do it safely, set it
up and allow people to try theseapps right, for a certain amount
of time. But then there's a business
decision that needs to come to force at a certain point, and
(10:51):
they need to know that they needto get their data out.
But that's the same with any enterprise system #5 shadow.
IT exposes hidden pain points. Every shadow tool is an X-ray of
some underlying issues, usually a broken process or a feature
gap. So then you might have the
(11:12):
fields sales staff, the the sales team that's out in the
field using WhatsApp to coordinate visits because the
CRM doesn't work offline. That's a real common one.
I've done a lot of Dynamics 365 customization and the customer
space and you know, it happens. You have to build a power app
and then it doesn't always sync.It's it's got better in the last
(11:36):
couple of years, but you know, that's a real problem Shadow.
IT is often the first signs of abroken journey in a process, the
bits of the process that don't really work in reality.
For BAS, these are gold mines. Every unofficial spreadsheet or
workaround is a here's where we're failing flag.
(11:59):
And to be honest, they can be quick ones that you can turn
into value, which is what your game is shadow.
IT also exposes communication gaps between business and IT.
So that's a really good one. That's when you go, well, you
know, that's really where the BAS play we can get in early.
(12:21):
The tip is when you discover a shadow tool, treat it as a user
story in disguise. So what is the need?
Turn it into some maybe an epic right?
And you figure out the features that they enjoy and and what
their actual user stories are. Their their requirements are
through elicitation number six, surfacing and mapping shadow IT.
(12:45):
You can't address what you can'tsee.
Instead of just punishing users,proactively seek out and map
shadow ID tools and build a picture of real business needs.
An example might be ABA running an anonymous survey, which is a
(13:06):
really good way of doing this. What tools do you use to get the
job done? What's not working about the
official ones? Do that and then you'll get a
little bit of an audit and then maybe you can have a follow up.
Do you mind as following up? You're not going to be in
trouble mapping shadow. IT can be an eye out note it can
reveal dozens of hidden workflows or thousands and and
(13:28):
spreadsheets are one. Use interviews, focus groups or
a simple show and tell session to say we we understand this is
an issue. I'm not ITI work for you.
I'm a business analyst and I want to help work with you
because this is limiting your ability to report on your data.
(13:48):
Keep it non judgmental. The aim is understanding non
enforcement. OK so don't be an agent for IT.
Security number 7 is building trust, not fear around shadow
IT. If people fear repercussions,
they'll hide what they're doing.That's true in life, and a
(14:12):
valuable insight is lost. But build trust so people will
share openly with you. OK, An organization where staff
know that they can suggest workarounds without taking, you
know, or getting into trouble orgetting, you know.
Telling off leads to rapid discovery, and that leads to
(14:37):
better ways of working. Encourage leaders to reward
transparency, not punish creativity, because that's what
you need an organization publicly recognize teams who
flag process issues, even if they've been in the the rules,
right? So we've solved it this way.
This is the actual problem. Obviously, there is a
(15:00):
conversation about trying to align people, and that needs to
be done in the right way. You might also find that there's
some politics between teams here.
Tip might be to create forums for open dialogue.
What unofficial solutions are helping you work better?
We can. You can just have that on the
(15:20):
Internet now. The the opportunity here is that
you can #8 is turning those shadow solutions into real
business prototypes. Prototypes with a capital pen
BAS can turn shadow apps and spreadsheets into blueprints for
scalable, secure solutions. Finance builds A forecasting
(15:44):
model in Excel instead of shutting it down. the BA uses
that as the foundation for a newPower BI dashboard with proper
controls and access to centralized data.
Analyze what makes the shadow tool useful.
It's usually something about speed or simplicity or
(16:05):
flexibility. Collaborate with the users to
speak what a fully supported secure vision would look like
called on the SME. Or you know a business expert or
a business owner of that problem.
The trick is to Co create with the original shadow user to
ensure the new solution truly meets need.
(16:26):
And you might find that they're great as a a potential candidate
as a junior BA in the future, even though they've come from a
solution background #9 is when to escalate, when to formalize,
and when to kill. Not every shadow tool should
become official. Some are risky, others are
genius, some should be retired. BAS must help IT and business
(16:52):
triage. If you've got an unencorrected
personal Dropbox account with client data, you need to shut it
down and replace it. You've got some clever macros
that save hours, but you know it's blocked because it's a
security threat. Because Microsoft says it is, or
your IT support says it is. Move it to IT support and scale
(17:14):
it. Create simple risk benefit
frameworks for triage. Don't force everything into IT
slab. Some tools are best left local
but with clear guidelines. So marketing might drive your
serum or your marketing tool. Know when to escalate.
(17:35):
If there's a regulatory risk, move quickly and communicate
openly and explain why. Treat shadow IT like a product
backlog review. Prioritize and decide.
And #10 the rise of the citizen developer.
This is where shadow IT goes. Legit.
We now have low code, no code platforms like Zapier, NIANI use
(18:01):
FRAP, there's Airtable. These platforms are shifting the
conversation from shadow it is bad to let's enable safe, rapid
business LED innovation. And that's something that BAS
need to get their head around. An insurance company rolling out
power platform app, right to build compliant apps that
(18:25):
citizen developers are working would be a oversight.
That's a good example. It's you don't have all the time
to do that. And to be honest, you're on the
analysis side. This isn't just a trend, it's
the new reality. Gartner predicts that 70% of new
business apps will be built outside of IT by 2025.
(18:46):
BAS are perfectly placed to bridge the gap, ensuring
governance without stifling innovation.
The new BAS skill set is coaching, guiding, and
supporting safe citizen development.
Advocate for enabling frameworks, not lockdowns.
Help the business build the right things, the right way.
(19:08):
Shadow IT isn't a compliance headache, it's a window into how
your organization actually worksand what your people truly need.
If you treat it as the enemy, you'll spend your time
firefighting and your users willgo underground and not like you.
If you treat it as a discovery tool, a set of living
(19:31):
prototypes, pain point signals, and innovation incubators,
you'll be a better, more responsive business analyst and
a true partner to the business. So the next time you stumble on
the rogue spreadsheet or unofficial app, don't rush to
shut it down. Listen, learn, and lead the way
(19:53):
to smarter solutions. Thanks for joining me on the
Better Business Analysis podcast.
If you enjoyed this episode, subscribe on Spotify and connect
with me, Benjamin Walsh on LinkedIn.
This topic most IT leaders and business analysts tend to view
as a problem, but it's actually a massive untapped opportunity
we're talking about. Shadow IT.
Those unofficial apps, spreadsheets, and tools your
(00:23):
colleagues are using under the radar.
Is it a risk? Sure, but for a switched on BA,
it's also a treasure map to painpoints, workarounds, and
innovations happening in your organization right now.
The Better Business Analysis Institute presence, the Better
(00:45):
Business Analysis Podcast with Kingsman Walsh Welcome back to
the Better Business Analysis podcast with your host Benjamin
Walsh. And before we dive into shadow
ITI wanted to let my dedicated listeners know that at the
(01:08):
Better Business Analysis Institute we are changing things
up. To be straight up, I need a
pivot. We are not getting people
signing up for a certified business analysis course if we
don't do it in person. So what we're going to do is
we're going to take all that great content.
There's so much content on there, and we're going to
reorganize it into ABA monthly membership.
(01:33):
And what I would like you to do is there's a question on the
Spotify version of this podcast,and I want to know whether or
not you're interested in that ornot.
It's no obligation. It just tells us whether or not
you'd be interested in a paid subscription that would give you
access to all our training videos, coaching chat, and a
(01:57):
whole lot of other member only content.
If that's something you're interested in, then please just
let me know. Right, onto our topic.
Today we are talking about Shadow IT.
We are moving beyond the usual risk warnings and diving into
how we can use Shadow IT to drive smarter change, discover
(02:22):
real needs and even turn grassroots X into business
value, which I've seen a number of times of light.
So if you think of vibe coding at the moment, think of some of
the automation tools, you think of some of the smaller apps that
say HR just loads up or marking loads up my HubSpot.
The reality is this is what's happened in response to a very,
(02:45):
I, I guess either one IT which is driving its own road map of
business need, which happens a lot or just it's really hard to
get things done or limited budget and OpEx IT spend which
is decentralized. So we're going to drop into 10
top tips for dealing with ShadowIT as ABA.
(03:09):
And the first point is what is shadow IT really?
It's any tick apps, databases, spreadsheets.
We used to say spreadsheets in abad way.
Like spreadsheets and Access databases, it concludes
workflows that people use without official IT approval.
(03:32):
An example, as a sales team build their own CRM in Airtable
because the official system is too slow, it's been customized
too much. Don't start with fear, Shadow.
IT exists because people want toget work done.
They've got jobs to be done, andso they go and find a solution
(03:54):
to solve that problem. Now shadow IT isn't always
intentional rule breaking. Often it's just people trying to
get the work done faster. It's not limited to IT heavy
organisations. Every workplace has some version
of this, from shared Google Docsto WhatsApp groups.
(04:18):
And I guess what you need to think about is what shadow tools
are people quietly using in yourbusiness?
Shadow. It is a signal, it's not just a
symptom. And we'll get on to that in a
minute #2 is why Shadow IT happens and why that's a clue.
(04:46):
Shadow IT thrives where organizations and official tools
are slow, unresponsive, or simply miss the mark.
People take shortcuts when the system quote UN quote isn't user
friendly or doesn't address a key pain point.
I can't do all my things or I want an appified version of the
(05:09):
world. And what I mean by that is a lot
of people like to complete a number of set tasks in one
application. And that was developed into the
concept of an app which you now have on your phones.
And in the desktop version of, well, we don't, we have apps
now, but we used to just have executables that did one
(05:31):
distinct feature or function. And now people wanted these kind
of apps. And these enterprise tools have
had to create sub apps to run onyour phone.
So you can use them like they'recalled web apps or, you know,
just native apps that run on your phone and they are a little
bit of the whole system and people like that experience.
(05:54):
There's an example where a team might be using their personal
Slack group to collaborate because the company's messaging
system is locked down and cumbersome.
So a lot of people are worried about Microsoft Teams monitoring
their chats. So they use WhatsApp or they use
a Slack channel and then they can moan about their manager.
Happens everywhere. When you find shadow IT, ask
(06:16):
what problem are they actually solving that's not being
addressed? OK, what is this trying to
solve? Is it like a unofficial office
chatter? Maybe that can be done within
the application, but it's totally locked down and people
know that that information is not going to be reviewed.
(06:36):
Sometimes it highlights a disconnect between policy and
reality. IT thinks the tools fit for
purpose. User disagrees.
Shadow IIT often appears first in high pressure areas where
delays cost money or reputation and they just can't wait a year
to get approval. Now we'll get to some of the
(07:00):
points around the fact that thisis not always a good thing and
that, you know, just because someone wants something, it
doesn't mean that they should beallowed to have it.
But IT isn't the gatekeeper. The tip is to use shadow it as
your early warning system and look for the root cause using
the five whys #3 the risks. But don't stop there.
(07:26):
The standard narrative is risk. OK data links, non compliance,
lack of support. But stopping at risk means
missing the value and intent behind shadow it.
So simply it usually takes not been involved.
We're just getting rid of any Access database.
It's just not secure. We'll stop allowing you to send
(07:49):
files over e-mail or Excel files.
Column one. An example might be sensitive
client data is shared on an unapproved Google Drive.
No version control, no order trail happens often.
Shadow IT can also lead to duplicate if it data silos and
(08:13):
breakdowns and reporting. That's a big one.
When you think about data being saved in an Excel spreadsheet,
which happens all over the worldand every organization.
You've probably got one on your computer right now that's not
saved to a shared drive that isn't connected to the
enterprise reporting tool, whichmeans you've got some key data
in there and you can't report onit.
(08:33):
This is a problem for data and analytics.
But if you just decide to clamp down on shadow IT, users will
just find sneakier workarounds that you don't know about.
Or worse, they'll put it on their personal computers.
Mitigating risk is essential, but understanding why the risk
(08:55):
emerged is just as important. Always follow up a risk
conversation with a needs conversation.
So we know she did this, and you're really going to stop
doing that. But let's send the BA in and
let's have a conversation about what you really need and how we
can do it without putting our client data at risk #4 shadow IT
(09:22):
as a source of innovation. OK, this is the good bits.
Many shadow tools are actually cleverer hacks or genuine
process innovations, essentiallygrass root R&D.
A customer support team could use Zapier or make.com to
automate ticket allocation, making response times the 30%
(09:46):
faster. That's awesome, but Zapier is
not an approved app shadow. IT often emerge from power users
or natural entrepreneurs inside the organization that sometimes
become BAS and can be a low costway to troll new approaches
before a big IT spend. So we just tried it when you
(10:07):
say, oh, we just did a proof of concept in the business IT you
see them melt like a witch who'shad water thrown at them.
But these grass roots innovations sometimes become the
blueprint for official systems. If you're paying attention, you
need to give credit where it's due surface and celebrate smart
(10:29):
solutions even sound official oreven better.
My top tip here would be to havea, a log of these systems that
are unofficial, a little monitoring, do it safely, set it
up and allow people to try theseapps right, for a certain amount
of time. But then there's a business
decision that needs to come to force at a certain point, and
(10:51):
they need to know that they needto get their data out.
But that's the same with any enterprise system #5 shadow.
IT exposes hidden pain points. Every shadow tool is an X-ray of
some underlying issues, usually a broken process or a feature
gap. So then you might have the
(11:12):
fields sales staff, the the sales team that's out in the
field using WhatsApp to coordinate visits because the
CRM doesn't work offline. That's a real common one.
I've done a lot of Dynamics 365 customization and the customer
space and you know, it happens. You have to build a power app
and then it doesn't always sync.It's it's got better in the last
(11:36):
couple of years, but you know, that's a real problem Shadow.
IT is often the first signs of abroken journey in a process, the
bits of the process that don't really work in reality.
For BAS, these are gold mines. Every unofficial spreadsheet or
workaround is a here's where we're failing flag.
(11:59):
And to be honest, they can be quick ones that you can turn
into value, which is what your game is shadow.
IT also exposes communication gaps between business and IT.
So that's a really good one. That's when you go, well, you
know, that's really where the BAS play we can get in early.
(12:21):
The tip is when you discover a shadow tool, treat it as a user
story in disguise. So what is the need?
Turn it into some maybe an epic right?
And you figure out the features that they enjoy and and what
their actual user stories are. Their their requirements are
through elicitation number six, surfacing and mapping shadow IT.
(12:45):
You can't address what you can'tsee.
Instead of just punishing users,proactively seek out and map
shadow ID tools and build a picture of real business needs.
An example might be ABA running an anonymous survey, which is a
(13:06):
really good way of doing this. What tools do you use to get the
job done? What's not working about the
official ones? Do that and then you'll get a
little bit of an audit and then maybe you can have a follow up.
Do you mind as following up? You're not going to be in
trouble mapping shadow. IT can be an eye out note it can
reveal dozens of hidden workflows or thousands and and
(13:28):
spreadsheets are one. Use interviews, focus groups or
a simple show and tell session to say we we understand this is
an issue. I'm not ITI work for you.
I'm a business analyst and I want to help work with you
because this is limiting your ability to report on your data.
(13:48):
Keep it non judgmental. The aim is understanding non
enforcement. OK so don't be an agent for IT.
Security number 7 is building trust, not fear around shadow
IT. If people fear repercussions,
they'll hide what they're doing.That's true in life, and a
(14:12):
valuable insight is lost. But build trust so people will
share openly with you. OK, An organization where staff
know that they can suggest workarounds without taking, you
know, or getting into trouble orgetting, you know.
Telling off leads to rapid discovery, and that leads to
(14:37):
better ways of working. Encourage leaders to reward
transparency, not punish creativity, because that's what
you need an organization publicly recognize teams who
flag process issues, even if they've been in the the rules,
right? So we've solved it this way.
This is the actual problem. Obviously, there is a
(15:00):
conversation about trying to align people, and that needs to
be done in the right way. You might also find that there's
some politics between teams here.
Tip might be to create forums for open dialogue.
What unofficial solutions are helping you work better?
We can. You can just have that on the
(15:20):
Internet now. The the opportunity here is that
you can #8 is turning those shadow solutions into real
business prototypes. Prototypes with a capital pen
BAS can turn shadow apps and spreadsheets into blueprints for
scalable, secure solutions. Finance builds A forecasting
(15:44):
model in Excel instead of shutting it down. the BA uses
that as the foundation for a newPower BI dashboard with proper
controls and access to centralized data.
Analyze what makes the shadow tool useful.
It's usually something about speed or simplicity or
(16:05):
flexibility. Collaborate with the users to
speak what a fully supported secure vision would look like
called on the SME. Or you know a business expert or
a business owner of that problem.
The trick is to Co create with the original shadow user to
ensure the new solution truly meets need.
(16:26):
And you might find that they're great as a a potential candidate
as a junior BA in the future, even though they've come from a
solution background #9 is when to escalate, when to formalize,
and when to kill. Not every shadow tool should
become official. Some are risky, others are
genius, some should be retired. BAS must help IT and business
(16:52):
triage. If you've got an unencorrected
personal Dropbox account with client data, you need to shut it
down and replace it. You've got some clever macros
that save hours, but you know it's blocked because it's a
security threat. Because Microsoft says it is, or
your IT support says it is. Move it to IT support and scale
(17:14):
it. Create simple risk benefit
frameworks for triage. Don't force everything into IT
slab. Some tools are best left local
but with clear guidelines. So marketing might drive your
serum or your marketing tool. Know when to escalate.
(17:35):
If there's a regulatory risk, move quickly and communicate
openly and explain why. Treat shadow IT like a product
backlog review. Prioritize and decide.
And #10 the rise of the citizen developer.
This is where shadow IT goes. Legit.
We now have low code, no code platforms like Zapier, NIANI use
(18:01):
FRAP, there's Airtable. These platforms are shifting the
conversation from shadow it is bad to let's enable safe, rapid
business LED innovation. And that's something that BAS
need to get their head around. An insurance company rolling out
power platform app, right to build compliant apps that
(18:25):
citizen developers are working would be a oversight.
That's a good example. It's you don't have all the time
to do that. And to be honest, you're on the
analysis side. This isn't just a trend, it's
the new reality. Gartner predicts that 70% of new
business apps will be built outside of IT by 2025.
(18:46):
BAS are perfectly placed to bridge the gap, ensuring
governance without stifling innovation.
The new BAS skill set is coaching, guiding, and
supporting safe citizen development.
Advocate for enabling frameworks, not lockdowns.
Help the business build the right things, the right way.
(19:08):
Shadow IT isn't a compliance headache, it's a window into how
your organization actually worksand what your people truly need.
If you treat it as the enemy, you'll spend your time
firefighting and your users willgo underground and not like you.
If you treat it as a discovery tool, a set of living
(19:31):
prototypes, pain point signals, and innovation incubators,
you'll be a better, more responsive business analyst and
a true partner to the business. So the next time you stumble on
the rogue spreadsheet or unofficial app, don't rush to
shut it down. Listen, learn, and lead the way
(19:53):
to smarter solutions. Thanks for joining me on the
Better Business Analysis podcast.
If you enjoyed this episode, subscribe on Spotify and connect
with me, Benjamin Walsh on LinkedIn.
Popular Podcasts
On Purpose with Jay Shetty
I’m Jay Shetty host of On Purpose the worlds #1 Mental Health podcast and I’m so grateful you found us. I started this podcast 5 years ago to invite you into conversations and workshops that are designed to help make you happier, healthier and more healed. I believe that when you (yes you) feel seen, heard and understood you’re able to deal with relationship struggles, work challenges and life’s ups and downs with more ease and grace. I interview experts, celebrities, thought leaders and athletes so that we can grow our mindset, build better habits and uncover a side of them we’ve never seen before. New episodes every Monday and Friday. Your support means the world to me and I don’t take it for granted — click the follow button and leave a review to help us spread the love with On Purpose. I can’t wait for you to listen to your first or 500th episode!
Stuff You Should Know
If you've ever wanted to know about champagne, satanism, the Stonewall Uprising, chaos theory, LSD, El Nino, true crime and Rosa Parks, then look no further. Josh and Chuck have you covered.
The Joe Rogan Experience
The official podcast of comedian Joe Rogan.