A colleague recently interviewed for a high-profile CIO role. The opportunity looked promising, but when they interviewed, red flags emerged. The hiring executive had created a shadow IT unit under a long-term colleague, tasked with using AI to deliver much-needed efficiencies. The leader of this team, like any “star quarterback,” was confident, opinionated, and clearly had the full trust of the executive. But he showed less concern for the IT organization, enterprise architecture, or long-term support.

My friend is an experienced CIO and understands the nuances of federated IT environments. After meeting this superstar, they called me to talk it through. I said, “It sounds like he’s the real CIO, without the responsibility of being one. No need to deliver resilient systems, no governance, no prioritization. Just build fast and impress the boss.” That confirmed their thinking, and they refocused on another opportunity.

In today’s Dispatch, I discuss shadow IT. Not just how it forms, but why it persists and what it reveals about the executives who enable it. These aren’t one-off skunkworks projects. They are a recurring symptom of poor foresight, shallow governance, and executives chasing quick wins at the expense of resilience.

The big picture

When executives allow the creation of shadow IT systems, they aren’t accelerating progress; they’re undermining it. These solutions often masquerade as agile innovation, but in reality, they dilute institutional discipline, fragment security, and compromise the ability to scale. What looks like speed is usually just evasion: a workaround that avoids the hard work of alignment, governance, and prioritization.

It typically begins with a familiar complaint: central IT is “too slow,” “too rigid,” or “too busy.” And sometimes, that frustration is valid. The IT organization is already carrying the weight of mission-critical systems, financials, student records, identity management, research compliance, and everything in between. But instead of addressing the real issue, how to prioritize and resource work strategically, executives look for the path of least resistance. They carve out separate teams, fund isolated projects, and bypass the very structure designed to ensure institutional coherence.

Shadow IT isn’t driven by a lack of technical prowess. Most IT organizations could build exactly what’s being built elsewhere. What’s missing is leadership patience and discipline. Shadow IT doesn’t emerge from skill gaps. It emerges from a refusal to work through process. And that refusal almost always starts at the top.

Why it happens

Three conditions almost always drive the rise of shadow IT:

• Lack of institutional priorities: When leadership fails to set clear priorities for the IT organization, everything becomes urgent. Without a roadmap, business units start solving problems on their own, often unaware of how their fixes fragment enterprise architecture. It’s not innovation, it’s drift.

• Under-resourced central IT: CIOs are tasked with maintaining legacy systems, deploying new platforms, supporting AI, and enabling transformation, all with limited or static resources. When IT bandwidth runs out, other units stop waiting. Not because IT lacks capability, but because the institution failed to invest.

• Executive hunger for quick wins: Leaders want visible outcomes. When the CIO says, “We need to scope and align,” it’s easier to say yes to someone who promises speed over structure. The result is a fix that bypasses governance and eventually lands back on central IT with no support model and no sustainability.

These patterns feed off a deeper impulse: dopamine-fueled IT. The thrill of building fast, delivering fast, and scratching a builder’s itch often outweighs the discipline of doing it right. Over time, that mindset buries transformation under complexity.

The hidden costs

Shadow IT feels like progress, until it isn’t. The dashboard works, the chatbot responds, the workflow runs. But beneath that surface, the costs begin to accumulate. Slowly. Invisibly. And then, they spiral into a crisis, dumped in the CIO’s lap.

Gartner’s Andy Kyte called it the Gordian Knot: a dense, self-reinforcing tangle of fragile systems, undocumented workarounds and workflows, and accumulated technical debt. Shadow IT doesn’t just contribute to the knot; it tightens it. Every unsanctioned tool, every unvetted build, every workaround adds another strand.

• Support risk shows up first. These systems are often built by a single individual who eventually leaves. When the system breaks, central IT gets the 2 a.m. call to fix something they’ve never seen.

• Security risk is next. Shadow tools live outside audits and controls. No monitoring, no patching, no visibility until a breach or compliance failure exposes the gap.

• Integration risk follows. These systems don’t connect cleanly to institutional platforms. They duplicate data, break workflows, and drift out of sync over time.

But the real cost is strategic. Shadow IT fragments institutional coherence, weakens governance, and locks the institution into a future shaped by exceptions. And by the time failure becomes visible, the original developer has moved on. The executive who backed the shortcut is gone. The mess remains, and the knot is tighter than ever.

What real innovation looks like

Real innovation doesn’t happen in rogue units. It happens when the entire institution aligns around shared systems, shared data, and shared stewardship. That requires:

• A capable, empowered IT organization: With the authority, visibility, and leadership to coordinate across divisions and deliver enterprise solutions that last.

• A CIO at the strategy table: Not buried under ops, but participating in executive decisions so technology isn’t an afterthought or a workaround.

• Clear institutional priorities. So IT can allocate talent and attention to the most strategic needs, not just the loudest or most powerful voices.

• Executive restraint. The wisdom to delay the local fix in favor of a solution that integrates, scales, and endures.

Shadow IT thrives in environments where leaders confuse speed with strategy. But the most effective organizations aren’t the ones that move the fastest; they’re the ones that know where they’re going and move in sync, “sweating the details” together.

The final word

Institutions don’t need more workarounds. They need alignment, discipline, and a shared sense of responsibility. The central IT organization is not a barrier to innovation. It is the engine that makes real innovation possible. To succeed, it must be led by an empowered CIO and grounded in architecture and resourced to deliver.

If you’ve authorized a side-door IT project, you haven’t solved a problem; you’ve punted it to the future. You’ve created a system that central IT didn’t design, control, and likely can’t sustain. In doing so, you’ve weakened the institution’s technology trajectory while creating an illusion of momentum. What looks like progress is deferred risk, often resurfacing when the “star quarterback” gets bored and moves on.

Shadow IT may feel like momentum. But it’s not innovation. It’s poor impulse control, masquerading as progress. And it’s time to stop pretending otherwise.