How avoidance, weak governance, and lack of structured procurement allow risk and complexity to grow outside IT control
Dante’s Divine Comedy does not equate sloth with mere laziness. It’s something much more subtle and dangerous. Failing to act when you should is simply unacceptable. A quiet lack of care. Not taking responsibility. A passive acceptance of decline. It is not what you do. It’s what you decide not to do.
This understanding of sloth is important because it changes how we think about failing as a technology leader. In the world of the Legacy CIO, sloth doesn’t look like doing nothing. The organization is busy. People are working in teams. Things are moving along with the projects. But some problems are always avoided. Some choices are put off. Some truths are not taken into account. Shadow IT is one of the most obvious signs of this.
How Shadow IT Begins
Shadow IT does not begin as a problem. It begins as a solution. A business unit needs a tool, but IT is too slow, too complex, or too disconnected. So, the business acts as if all that is needed now is a valid credit card. A SaaS tool is purchased. A workflow is created without governance. Data is stored in unmanaged systems. At first, it works. It is fast. It is efficient. It solves a real need.
And so, it spreads. What starts as a quick fix for a particular team turns into a pattern for the whole company. Different departments use different tools. Each one fixes a problem in the area, but no one is looking at the whole picture. The legacy CIO usually knows that this is going on. But he or she doesn’t help; instead, look the other way.
The Critical Moment of Avoidance
The critical moment is not when Shadow IT appears. This situation occurs when the legacy CIO becomes aware of the issue but takes no action. There is no clear response. No structured integration. No governance. Just silent acceptance as an effort to please those who are higher up in the organization or because this might lead him or her to a political fight with others with more influence or even because he himself does not see it as an issue due to lack of vision.
Sometimes this is justified with familiar phrases. “We will deal with it later.” “It is not a priority right now.” “The business needs flexibility.” These sound reasonable on the surface, but they are not strategy. They are avoidance dressed up as patience. This is sloth in its truest form: not doing nothing, but neglecting what is required.
Over time, what was once a small exception turns into a whole system. The number of tools in the organization grows. Data is broken up into pieces, with some of it stored in official systems and the rest spread out across tools that aren’t being managed. When teams try to link their shadow solutions to core systems, integrations get complicated. It’s not clear who owns what. It’s not clear who is in charge of what.
And over time, IT loses control. This does not happen when people fight or argue. It happens when someone is not there. Because IT wasn’t there when decisions were made, it couldn’t change them. The end result is a patchwork landscape that is hard to secure, costly to manage, and almost impossible to govern.
The Hidden Cost of Doing Nothing
Ignoring Shadow IT doesn’t usually have immediate effects, but they build up over time and become structural.
Sensitive data is stored outside of controlled environments, which makes security risks higher. A marketing team uses an unauthorized tool to track customer information. A finance team uses a spreadsheet to keep track of important tasks. IT can’t see these risks until something goes wrong.
Systems change without coordination, which makes architecture less cohesive. Each team works on its own, which leads to extra work and problems with integration that are costly to fix later. Data loses its integrity, which means that there are many different versions of the truth in the organization. Different teams look at different numbers and make decisions based on information that isn’t complete or doesn’t agree.
Costs become invisible when subscriptions and tools add up without being watched. Companies often find that they are paying for dozens of unnecessary SaaS tools, many of which no one even uses anymore.
And most importantly, IT stops being a strategic function. It can only give strategic advice if IT is involved in decisions. The business learns to work around IT, which makes IT less important all because the legacy CIO on top of the IT organization is exercising sloth.
The key insight is simple: what you don’t manage will grow outside your control. Avoidance does not make the problem disappear. It only allows the problem to grow in ways that become harder to address later.
Moving from Avoidance to Structure
The answer is not to get rid of Shadow IT. That is not realistic or desirable, especially in the short or medium term. The business needs flexibility and to move fast. he answer is to put Shadow IT in a system that can be controlled. Moving from sloth to leadership requires structure.
- A Structured Procurement Process
Every IT-related purchase must follow a defined process. This includes not only infrastructure but also SaaS tools, platforms, and subscriptions. The goal is not to slow the business down. The goal is to create visibility. When IT knows what tools are being used, IT can help secure them, integrate them, and manage them effectively.
- Mandatory IT Involvement
IT must be part of every decision, not as a blocker but as a partner. By reviewing security, integration, and architectural fit, IT can ensure alignment without slowing the business down. The role of IT shifts from gatekeeper to enabler.
- Purchasing as the Gatekeeper
This is the critical point of enforcement. The purchasing department makes sure that no tool is bought outside of the process and that no subscription goes around the rules. This makes a natural way to control things without fighting or arguing. When IT governance and purchasing are in sync, the process goes smoothly.
- A Cultural Shift
Shadow IT is not your enemy. It’s feedback. It shows that needs have not been met. The modern CIO hears this signal and uses it. Instead of asking, “How do we stop Shadow IT?” they ask, “Why does Shadow IT exist, and how can we fix those problems at their source?”
The difference in leadership is clear. The Legacy CIO says, “We need to control Shadow IT.” The modern CIO says, “We need to understand why it exists.” One focuses on enforcement. The other focuses on listening and enabling. One leads to resistance and fragmentation. The other leads to partnership and integration.
Closing Reflection
Dante described sloth as failing to act when needed. This failure is not often seen in modern IT because there are no alarms. No escalations. No problems right now. But over time, systems break down, risks grow, and control fades. The organization is going off course. Not because of bad choices, but because they were never made.
It doesn’t cost anything to be lazy all at once. It is paid for over time, through risk, complexity, and the gradual loss of IT’s strategic value. The good news is that this can be changed. The first step is to realize that avoiding something is not being patient. The first step is to decide to do something.
In the next article, we will explore the fourth sin:
Greed—The Illusion of Simplification.
And how the constant addition of tools, systems, and solutions creates complexity even when the stated goal is simplicity.
If this topic resonates with you, I’d love to hear what you think.
In my book Life in the Digital Bubble, I explore how AI and digital systems will reshape not only technology but also work, families, and society in the decades ahead.
And for organizations navigating these changes today, my digital transformation and AI consulting services focus on helping leaders move beyond scattered initiatives and build clear operating models that turn emerging technologies into real business value.