GAPs transform the enterprise with IT-managed, citizen-led automation One key operating principle for IT leaders is to have a deep understanding of and control over all the technology within an enterprise. IT leaders are rightfully wary of introducing new applications that do not align with their data, security, and governance requirements since some applications (especially lightweight freemium tools) can introduce risk to the organization. These risks are a non-starter for IT since they can expose intellectual property, customer, and employee data to unacceptable security breaches. Collaboration with business users limits the risks of a “Shadow IT” department. Unfortunately, when it comes to automation initiatives, business users are simply tired of waiting for IT teams to deliver, while IT teams are simply not resourced to support internal integration projects across hundreds of applications. As project backlogs continue to expand and technical solutions stall, business users are increasingly turning into “shadow IT” or “citizen IT” by directly buying tooling that is outside of IT’s purview to solve this integration and automation problem. The danger to enterprise companies is clear. Often, shadow IT solutions do not adhere to governance or base-level data security requirements, like SOC 2 Type 2, GDPR, CCPA, and HIPAA compliance. Gartner warns IT leaders that they cannot simply pretend citizen IT does not exist because “by ignoring this important and potentially innovative work, IT may force citizen IT even deeper into the shadows or try riskier things.”[3] In order to avoid security and governance risks, Gartner advises IT leaders to “embrace business-led and citizen IT as part of the overall I&T operating model, and ensure responsible and sustainable behaviors and practices that shorten time-to-value, ensure acceptable total cost of ownership (TCO), and mitigate risks.”[3]
IT Buyers Guide Page 9 Page 11