The IT profession is not standing still. Advances in cloud computing, artificial intelligence, and workplace automation are reshaping job titles, skill requirements, and the day-to-day responsibilities of every person in an IT team. Two of the most significant shifts — the redefinition of the helpdesk role and the emergence of “shadow AI” — are already changing how forward-thinking IT departments operate.
From Helpdesk Technician to Digital Support Engineer
For decades, the entry-level helpdesk role followed a familiar pattern: log the ticket, reset the password, swap the laptop, close the ticket. It was reactive, process-driven work, valuable but narrowly defined. That model is being rapidly replaced.
The emerging title — Digital Support Engineer — reflects a fundamentally different scope of responsibility. Rather than simply fixing what is broken, Digital Support Engineers are expected to:
- Manage cloud infrastructure — provisioning and monitoring Microsoft 365 tenants, Azure or AWS environments, and hybrid identity platforms like Entra ID.
- Maintain AI-assisted tooling — configuring, monitoring, and troubleshooting the AI tools that employees use daily, from Copilot integrations to automated workflow bots.
- Drive user success — proactively identifying friction points in the digital employee experience before users raise tickets, rather than reacting after the fact.
- Automate repetitive tasks — using low-code tools such as Microsoft Power Automate or scripting in PowerShell to eliminate manual processes and free up time for higher-value work.
This shift is partly economic and partly technological. Cloud platforms have reduced the volume of physical hardware tasks — there are fewer servers to rack, fewer desktops to image. At the same time, the complexity of the software environment has grown enormously. A typical SME now runs 40–80 cloud-based applications. Supporting those environments demands a much broader and more dynamic skill set than traditional L1 support ever required.
What This Means for Hiring and Training
Organisations are beginning to ask different questions when recruiting support staff. Instead of “can you follow a troubleshooting script?”, interviews now probe for cloud literacy, scripting ability, and comfort with ambiguity. Certifications such as Microsoft SC-900 (Security Fundamentals), AZ-900 (Azure Fundamentals), and MS-102 (Microsoft 365 Administrator) are becoming baseline expectations rather than differentiators.
For existing IT staff, this evolution presents both an opportunity and a challenge. Those who proactively upskill in cloud administration, automation, and AI tool management will find their value to the organisation increase substantially. Those who do not may find their roles contracted or outsourced.
The Rise of “Shadow AI” and the AI-BOM
Alongside the evolution of roles, IT teams are grappling with a phenomenon that mirrors the “shadow IT” problem of the 2010s — but with significantly higher stakes. Shadow AI refers to the unauthorised use of AI tools by employees, without the knowledge, oversight, or approval of the IT or security team.
The scale is striking. Research published in early 2025 found that over 70% of employees in UK knowledge-worker roles had used at least one AI tool that had not been approved by their employer. Common examples include:
- Pasting confidential contracts, financial data, or customer records into public large-language model interfaces to get a summary or draft.
- Using browser-based AI writing assistants that send document content to third-party servers.
- Connecting personal AI productivity apps to corporate Microsoft 365 or Google Workspace accounts via OAuth.
- Running locally installed AI models that bypass network monitoring entirely.
The risk is not hypothetical. Several high-profile data leakage incidents in 2024 were traced back to employees sharing sensitive information with AI tools that stored prompts for model training, or that were operated by vendors with inadequate data processing agreements under UK GDPR.
Introducing the AI-BOM
In response, security-conscious IT teams are adopting a new governance framework borrowed from software supply chain security: the AI Bill of Materials (AI-BOM).
In software development, a Software Bill of Materials (SBOM) is a complete inventory of every component, library, and dependency in an application — a prerequisite for identifying vulnerabilities in the supply chain. The AI-BOM applies the same logic to artificial intelligence tools:
- Inventory: A complete register of every AI tool in use across the organisation — approved, tolerated, and discovered (shadow).
- Data flows: Documentation of what data each tool accesses, where it is processed, and who it is shared with.
- Vendor assessments: Security and compliance reviews of each AI vendor, covering data retention policies, sub-processors, and GDPR compliance.
- Risk ratings: A tiered classification of tools by risk level, informing decisions about which tools to approve, restrict, or block.
- Access controls: Technical enforcement via browser policies, network filtering, and endpoint management to ensure only approved tools can access corporate data.
Building an AI-BOM is not a one-time exercise. As new AI tools emerge weekly — and as employees continuously seek workarounds to productivity bottlenecks — the inventory must be actively maintained and the discovery process automated where possible.
A Practical Starting Point
For most SMEs, a pragmatic first step is to use Microsoft Defender for Cloud Apps (or an equivalent CASB tool) to discover what cloud applications are actually being accessed from the corporate network. The results are often surprising — organisations running their first shadow IT audit typically uncover three to five times the number of applications they believed were in use.
From that baseline, an AI-specific review can be layered on top: identifying which discovered tools use AI, what data they handle, and whether they meet the organisation’s security and compliance requirements.
What Both Trends Have in Common
The shift from helpdesk technician to Digital Support Engineer and the challenge of governing shadow AI are, at their core, about the same thing: technology is moving faster than most organisations’ processes and governance frameworks. The IT teams that will thrive are those that treat these changes as opportunities to deliver more strategic value — rather than waiting for policy to catch up with reality.
Whether that means upskilling your support staff, conducting your first AI-BOM audit, or putting an AI acceptable-use policy in place, BIT Tech IT Solutions can help you plan and execute the transition. Speak to our team to find out more.
