Southeast Asia Shadow IT and Lakehouse model Rationalization

Discovering Hidden Technology Capabilities Across a Fragmented Luxury Region

Client and Regional Context

A global luxury group was operating across a highly fragmented Asia-Pacific and Southeast Asian ecosystem, with multiple Maisons, hundreds of boutiques, numerous local providers, many country-specific constraints and a large number of locally developed or locally procured applications.

While China naturally attracted significant corporate attention due to its size, regulatory specificities and technological separation, the broader Southeast Asian region represented a very substantial operational and commercial footprint in its own right. In terms of stores, brands and revenue, the aggregate weight of Southeast Asia and the rest of Asia-Pacific could match or even exceed China, but without a single dominant actor concentrating the strategic visibility.

The region included multiple countries, time zones, languages, legal systems, data policies, business cultures and local operating models. ASEAN countries have enacted increasingly complex and divergent data protection and localization regimes – from Singapore’s PDPA to Vietnam’s strict in-country data storage requirements – which means compliance in one jurisdiction does not automatically transfer to another. In many cases, local teams had developed or acquired their own solutions to solve urgent business needs without waiting for centralized global delivery.

The result was a highly complex regional technology landscape, with significant levels of shadow IT, fragmented ownership and limited global visibility. Shadow IT – defined as any application, service or system deployed without central IT approval – is now ubiquitous in large organizations, especially in cloud and SaaS environments, and is widely recognized as a source of cost, security and governance risk.

Business Challenge

Shadow IT exists in many global organizations, but in this case the challenge was unusually complex.

The region included:

Dozens of country-level business environments.
Multiple Maisons and operating entities.
Hundreds of boutiques and local business units.
Hundreds of local providers and technology vendors.
Many locally developed or externally procured applications.
Partial or outdated information about existing systems.
Unclear ownership and governance chains.
Limited centralized visibility and coordination across time zones.
Multiple data lakes and nested data environments.
Business intelligence solutions operating outside central oversight.
Rapidly evolving data regulation and localization requirements across several jurisdictions.

The core problem was not simply that there were too many applications. The real challenge was that the corporate center did not have sufficient visibility to understand the cost, value, risk and potential reuse of the regional technology ecosystem. This is consistent with how shadow IT is described in industry research: a proliferation of unapproved tools that create “app sprawl”, governance gaps and unknown attack surface, particularly in cloud-heavy environments.

This made rationalization extremely difficult. You cannot rationalize what you cannot see, and you cannot assign budget or governance priority to a region whose technology weight is not properly understood.

Why Southeast Asia Was Different

China was complex because it operated as a distinct digital ecosystem with its own platforms and regulatory perimeter. Southeast Asia was complex for a different reason: fragmentation.

There was no single dominant operating logic. Instead, the region contained many different local realities:

Different languages and customer cultures.
Different legal systems and enforcement regimes.
Different data protection and localization requirements across countries.
Different technology providers and integration patterns.
Different levels of local IT and data maturity.
Different local business pressures and growth trajectories.
Different historical solutions created by local teams to fill gaps.

This made centralized governance very difficult. It was not always clear:

Who owned an application.
Whether the application still existed or had evolved.
Whether it had been replaced by another tool.
Whether it was still critical for a boutique or a Maison.
What cost it generated and under which budget line.
What data it contained and where that data was stored.
What compliance or security risk it represented.
Or whether it included a capability that could be reused elsewhere.

In some cases, there were only partial traces that an application had existed two or three years earlier – a contract reference, a budget line, a mention in a regional initiative – with no direct visibility on its current status. That was the level of ambiguity.

Engagement Objective

The objective was to create a sufficiently accurate architectural and cost map of the regional shadow IT ecosystem within a constrained timeframe and budget.

The work had to answer several practical questions:

What applications and technologies exist across the region?
Which ones are still active?
Who owns them – at Maison, country or regional level?
What approximate cost do they represent (including licenses, infrastructure and support)?
Which systems create compliance or data-governance risk under evolving ASEAN laws?
Which applications duplicate existing global capabilities?
Which local solutions are actually valuable – solving real business problems or enabling growth?
Which capabilities could be reused, scaled or integrated more broadly?
How can the region move from fragmented data lakes toward a more governable lakehouse architecture?

The target was not perfect visibility. The target was: sufficiently good visibility to enable governance, prioritization and rationalization. That distinction is important in regions where full completeness would be prohibitively expensive and slow.

Our Role

The work focused on architecture discovery, rationalization analysis, cost estimation, data architecture and capability identification, with a strong emphasis on judgment under uncertainty.

Key contributions included:

Mapping hundreds of applications and technologies across the region, using interviews, documentation, budget traces and local intelligence.
Reconstructing ownership and governance where information was incomplete or contradictory.
Identifying active, obsolete, duplicated or uncertain applications.
Estimating approximate total cost of ownership (TCO) where direct financial data was unavailable, using proxy indicators and benchmarks.
Assessing the business importance of applications using partial signals (usage patterns, process dependencies, criticality narratives).
Identifying compliance and data-policy exposure in light of diverse ASEAN data protection and localization regimes.
Organizing the discovered landscape into a usable architecture view (by Maison, country, functional domain and data domain).
Supporting attention-raising toward senior corporate stakeholders with clear, quantified stories.
Structuring the first path toward lakehouse-based regional data governance.
Identifying hidden capabilities that could justify and partially fund the rationalization effort.

This was not a classic application inventory exercise. It was an architectural reconstruction of a fragmented regional technology ecosystem, under real time and budget constraints.

Core Architectural Problem: Shadow IT at Regional Scale

The central concept in this case was shadow IT at regional scale.

Not isolated shadow IT. Not a single department adopting a SaaS tool without approval. But a multi-country, multi-brand, multi-provider ecosystem where local technology solutions had accumulated over time because the region needed to operate, sell, report, analyze and adapt faster than central technology governance could support. This mirrors global observations that the consumerization of IT and the explosion of SaaS services have made shadow IT a pervasive structural feature of large enterprises, not an exception.

This created a paradox. On one side, shadow IT represented:

Cost and duplicated spend.
Governance and architectural risk.
Compliance exposure under divergent data laws.
Fragmented data and inconsistent reporting.
Unclear ownership and support responsibility.
Architectural entropy and integration complexity.

On the other side, many of these applications existed because local teams had solved real business problems under local constraints. In Southeast Asia, where regulatory frameworks, data localization and customer behaviors differ from market to market, central solutions often arrived late or did not fully fit local needs, pushing teams to innovate independently.

The correct approach was therefore not simply to eliminate everything. The correct approach was: discover, classify, rationalize and selectively scale what was valuable.

Data Architecture: From Fragmented Data Lakes to Lakehouse Logic

A major outcome of the work was the move toward a more structured lakehouse architecture.

The region already contained multiple data environments, data lakes, reporting solutions and business intelligence capabilities, but they were not sufficiently integrated or governed from a regional or corporate perspective. Traditional data lakes are powerful for storing large volumes of raw data but often lack governance, quality and performance guarantees for analytics, which leads to “data swamps”. The lakehouse concept emerged precisely to address this by combining the flexibility of data lakes with the structure and transactional guarantees of data warehouses in a unified architecture.

The work helped frame a path toward:

Consolidating fragmented data sources into fewer, governed domains.
Improving information visibility for regional and global stakeholders.
Reducing duplicated reporting and BI layers.
Creating stronger regional governance over key data assets.
Enabling controlled data integration across countries, within legal constraints.
Supporting future rationalization and analytics initiatives.
Preparing the region for broader analytics and AI use cases, including Rationalization.AI and Diamond Inside patterns.

The aim was not to impose a heavy centralized data architecture overnight. The aim was to create a practical lakehouse-aligned architecture that could gradually increase control, visibility and reuse, while respecting local regulatory and operational realities.

TCO and Attention Raising

One of the most important results was not technical. It was executive attention.

The region represented a significant business footprint – in some scenarios approaching a quarter of the group’s global revenue – but its technology complexity and cost were not fully visible upstream. This is typical of shadow IT situations, where costs and risks are hidden across departments and vendors.

By mapping applications, estimating TCO and showing the scale of the shadow IT landscape, the work helped raise corporate attention to the fact that Southeast Asia was not a secondary technology topic. It was a major operational and economic reality.

The analysis showed that the issue was not only about reducing cost. It was also about:

Protecting revenue and customer experience in a high-growth region.
Improving governance and reducing architectural fragility.
Reducing compliance exposure under increasingly strict local laws.
Improving data visibility and decision quality.
Enabling better regional execution and cross-country learning.
Identifying reusable innovation created by local teams.

This shifted the conversation from “there is too much shadow IT” to “there is a hidden regional technology ecosystem that must be governed, rationalized and selectively scaled”. That reframing was strategically important.

Diamond Inside Relevance

This case became a strong example of Diamond Inside because the discovery did not only reveal problems. It also revealed valuable capabilities.

Some local applications and technologies were not merely redundant or risky. They were good. Some had been created because local teams deeply understood regional needs that the global organization had not fully addressed. Similar patterns are visible in broader research on shadow IT, where some unsanctioned tools actually improve productivity and innovation if properly governed.

The Diamond Inside logic was: inside the apparent disorder, there may be capabilities worth scaling.

The work helped identify applications and technologies that could potentially be reused, adapted or integrated more broadly. This changed the financial logic of the rationalization effort. Instead of treating rationalization only as a cost-reduction program, the case showed that rationalization could become close to self-funding if valuable local capabilities were reused and scaled.

In practical terms:

Rationalization reduced waste and duplication.
Lakehouse-oriented architecture improved control and data quality.
Compliance exposure was reduced through better visibility.
Selected hidden capabilities could help pay for the transformation when scaled or reused.

That is the strongest strategic message of this case.

Strategic Insight

The key insight was: Southeast Asia was not simply a fragmented region to be cleaned up. It was a hidden capability landscape.

The region had accumulated complexity because local teams had been forced to solve real problems under local constraints – regulatory, cultural, commercial and technological. Some solutions were duplicated, obsolete or risky. But others represented practical innovation, tuned to local customers and legal conditions.

The architectural challenge was to distinguish between:

Shadow IT to retire.
Shadow IT to bring under governance.
Local tools to integrate into a broader portfolio.
Data assets to structure through lakehouse architecture.
And hidden capabilities to scale as part of Diamond Inside.

That is a more sophisticated approach than standard IT rationalization, which often focuses only on elimination and cost-cutting.

Outcome

The engagement produced several important outcomes:

A sufficiently good map of hundreds of regional applications and technologies.
Improved understanding of ownership, governance and approximate cost.
Clearer visibility of shadow IT exposure and architectural risk.
Identification of regional data architecture gaps and overlaps.
A lakehouse-oriented architecture direction to unify fragmented data environments.
Stronger executive awareness of the region’s technological and economic weight.
Prioritization logic for rationalization and governance initiatives.
Discovery of hidden capabilities suitable for reuse or scale-up under the Diamond Inside framework.

The result was not only an application inventory. It was a strategic architecture view of a fragmented regional ecosystem, and a path to turn a “shadow” landscape into a governed, rationalized and innovatively rich part of the global technology portfolio.

Why This Case Matters

This case matters because it demonstrates the ability to operate precisely where traditional enterprise architecture often struggles:

Incomplete information and partial historical traces.
Unclear ownership across many entities and countries.
Many providers and contracts accumulated over time.
Rapidly changing regulation and data localization laws.
Fragmented data ecosystems and multiple ungoverned data lakes.
Business-critical local solutions operating outside the central map.

The work required more than methodology. It required judgment. It required knowing when visibility was sufficient, when cost estimation was “good enough”, when a local system represented unacceptable risk and when it represented hidden value worth protecting and scaling.

That is exactly the intersection between Rationalization.AI, Diamond Inside, data architecture, governance and enterprise transformation in complex, multi-region environments.

Short Website Version

Southeast Asia Shadow IT & Lakehouse Rationalization

Discovering Hidden Technology Capabilities Across a Fragmented Luxury Region

A global luxury group was operating across a highly fragmented Southeast Asian ecosystem, with multiple Maisons, hundreds of boutiques and hundreds of locally developed or procured applications. The region faced extreme shadow IT at regional scale – a dense landscape of tools and data lakes created under divergent local regulations, time zones and business pressures, largely invisible to the corporate center.

The engagement mapped this hidden ecosystem, estimated total cost of ownership, identified compliance and governance risks, and structured a path from fragmented data lakes toward lakehouse-style architectures. This provided “good enough” visibility to enable rationalization, governance and prioritization within a constrained timeframe.

Under the Diamond Inside logic, the work also revealed high-value local capabilities – applications and data assets created by regional teams to solve real problems – which could be reused and scaled. This shifted rationalization from a pure cost-cutting exercise to a self-funding transformation play, turning Southeast Asia from a shadow IT problem into a strategic capability landscape.

Fuentes

FunctionEight. “Shadow IT in Asia: How to Discover and Manage It.” FunctionEight, 2025.

Cisco Systems. “What Is Shadow IT?” Cisco, 2017.

Proofpoint. “¿Qué es Shadow IT? Definición, ejemplos y más.” Proofpoint, 2021.

ZeroFox. “Shadow IT: Combatting Hidden Risks to Your Attack Surface.” ZeroFox, 2024.

Kyndryl. “How to Mitigate Shadow IT Risks: 3 Strategies to Consider.” Kyndryl, 2025.

Wikipedia. “Shadow IT.” Wikipedia, last updated 2024.

Atlas Systems. “ASEAN Framework on Personal Data Protection Explained.” Atlas Systems, 2026.

Rouse. “Data Localisation and Transfer Issues in Southeast Asia: What Businesses Need to Know.” Rouse, 2025.

Captain Compliance. “Data Localization Laws by Country: What Businesses Must Know.” Captain Compliance, 2025.

Lakehouse Partners. “The Lakehouse Concept.” Lakehouse Partners, 2025.

IBM. “Data Warehouses vs. Data Lakes vs. Data Lakehouses.” IBM, 2024.

Google Cloud. “What Is a Data Lakehouse? Architecture & Benefits.” Google Cloud, 2025.