While some organizations have already succeeded in exploiting internal IT capabilities to generate external income, IT is still treated as a cost center in most organizations. The increasing pace of digitalization provides new commercial opportunities for those organizations that have elected to invest in building their in-house IT capabilities. In this Viewpoint, we look at the opportunities and risks of monetizing IT and how companies can maximize value by building a virtuous circle that also delivers major benefits to internal IT service provision as well as new external revenue.
As set out in the Viewpoint “Beyond Systems,” the role of the corporate IT function is changing rapidly, from custodians of the technology infrastructure toward true strategic partners to the business. But providing internal advice and services is not the only way for the IT function to add value. Extending its remit toward providing services to others on the commercial market is another direct, more easily measurable way.
Offsetting the costs of IT, or preferably generating a net profit, appears increasingly attractive. According to a recent Gartner survey of CIOs, worldwide IT spending is expected to increase by nearly 10% in 2025 versus 2024, driven especially by ongoing AI investment and the rising costs of cloud storage. As digitalization progresses, the share of revenues spent on IT is also increasing. For example, Statista reported a doubling or more in the share of revenues spent on IT in 2023 versus 2022 in sectors such as industrial and consumer products. The pressure on CIOs to control costs while enabling digital transformation has forced another critical reappraisal of make, buy, or borrow strategies for IT. Many CIOs are actively looking to further outsource some or most of their IT services. This is driving strong growth in the outsourcing market, predicted by most forecasters to grow at more than 8% CAGR between now and 2030. And increasingly, external customers are seeking high-end IT capabilities, such as AI, cybersecurity, or DevOps (the integration of software development and IT operations), which they cannot source internally. As partner ecosystem working becomes more extensive and sophisticated, easier collaboration through open platforms and APIs creates new revenue opportunities for IT.
Moreover, as the softwarization of businesses progresses, IT is increasingly being recognized as a strategic asset on the supply side. The rise of subscription-based models for cloud and software as a service (SaaS) has already set a precedent for monetizing IT services and applications. And the advent of AI has further highlighted the untapped value of in-house data and associated analytics for many companies.
Of course, outsourcing is not always feasible or desirable strategically. Some IT and digital capabilities are unique, differentiating, and/or key to maintaining a competitive position. Other IT capabilities can’t be outsourced for regulatory, operational, or security reasons. Investing in building in-house IT capabilities, instead of or alongside outsourcing, can therefore sometimes be the best strategic response.
Monetizing these capabilities by providing external services to others can have a huge impact on the business. One of the most stunning examples is Amazon Web Services (AWS), originally built to meet Amazon’s internal needs, which is today a US $90 billion business. Telecoms providers such as Orange offer their business customers fee-based data analytics capabilities. In consumer goods, Proctor & Gamble (P&G) provides a subscription-based digital tool alongside its Pampers products, which helps parents by offering a personalized, science-backed sleep-training program that adapts to their baby’s unique sleep patterns. This helps build customer loyalty and stickiness. Infrastructure organizations in rail and energy have monetized their spare fiber network assets by selling capacity and service to others.
There are three routes to monetizing IT assets and capabilities (see Figure 1).
Monetizing selected intangible IT assets, such as data, software, insights, capabilities, and knowledge, is the first route. Examples include AWS, Orange, and P&G as well as a Western European airport providing IT services to third parties (see case study).
The second route is to monetize physical IT assets, such as digital networks and infrastructure with spare capacity. For example, German rail operator Deutsche Bahn (DB) has opened its 18,500 km fiber optic network for use by third parties, and a Western European airport is setting up data center capacity at airport premises for internal and colocation use.
Digitally enhancing physical products is the third route. This involves creating additional value from native physical products by adding digital services on top, either directly through subscription or one-off purchase, or indirectly through increasing product attractiveness via added functionalities.
The Philips Hue lighting solution is a relevant example. It offers a combination of smart lights and a digital platform for remote control, automation, and synchronizing accessories to home lighting setups. Another example is 3M’s Filtrete Smart Air Filter, which is digitally enabled to allow real-time air-quality updates, replacement notifications, and smart home integration. A cheaper, non-digitally enabled version of the same filter is also available.
Monetization can provide multiple benefits, depending on the route:
Most importantly, exposure of the IT function to a competitive marketplace can strengthen its capabilities, improve service orientation and agility, enable better operational and cost control, and improve IT’s financial acumen. Enhanced innovation culture and external market awareness feed back into internal IT, leading to better digital product development, improved user experience, and a more strategic approach to IT investments. A more commercially aware IT function collaborates better with business stakeholders, aligning IT initiatives more effectively with strategic goals and securing stronger executive sponsorship.
Of course, monetization of IT capabilities also carries some risks and potential downsides that need careful management. First, there is some inevitable dilution of the IT function’s goals and emphasis away from purely serving internal customers. Not every IT capability developed for the internal organization will be a natural fit for external commercialization, and vice versa, leading to the risk of misalignment between IT strategy and core business needs. Priority setting can be even more difficult when external fee-paying clients are in the mix, requiring new decision-making structures. Packaging and pricing strategy can also cause complications: if the company decides to offer off-the-shelf SaaS products, modular APIs, or full-service platforms, how will these align with internal digital transformation goals?
Skilled IT resources and budget may be diverted away from important internal development programs. There may be a tendency for the best IT staff to prefer the variety and challenge of external software development and services rather than the same old internal service provision, reducing the quality of service to internal customers.
There are often financial and pricing challenges. It may be necessary to reexamine the IT cost base and reengineer processes and ways of working to be competitive at scale in a commercial market. Most corporate IT functions are accustomed to stable development roadmaps, whereas commercial work demands greater flexibility, agility, and faster iterations. The capabilities needed to run a successful commercial advisory business may require re-skilling and recruiting new resources. As with any new service, there are also market and brand risks if new IT-based services fail or underperform.
Regulatory and data risks also need to be managed. In Europe, the GDPR (General Data Protection Regulation) and AI Act classify internal IT differently from IT services offered to external customers. External monetization might require the creation of separate legal entities, contracts, and data processing agreements (DPA) with customers. AI providers have higher transparency, auditing, and compliance requirements than users. If selling AI-based services, the company might need to provide explainable AI, bias testing, and regulatory audits. Further considerations include whether there is a need for new certifications, such as ISO 27001, SOC 2, or GDPR compliance. Allowing external parties to access proprietary internal datasets needs to be carefully controlled. Conversely, providing services that access and process third-party data exposes the company to new risks and liabilities.
Managing the risks and implementing IT monetization successfully requires a fundamental shift in mindset from IT as a corporate function toward IT as a service provider. Overall, Arthur D. Little (ADL) identifies five priorities that companies must focus on for success.
The starting point is to make an objective assessment of the IT function’s differentiating assets and capabilities and conduct a realistic market-driven analysis of the likely competitive position and demand. This is normally not something that the IT function can conduct in isolation. Strong collaboration across other functions, such as technology development, marketing, and commercial, is important to ensure a good fit of the IT offering within the broader product and service portfolio. Often, business knowledge and access to real data residing in other company functions is a key differentiator for corporates compared to software vendors/start-ups. External collaboration with ecosystem partners is also extremely valuable to understand client needs and test propositions. Considering how the new IT services fit with the brand is important. Positioning them as an extension of the company’s core value proposition, not just as an add-on, helps minimize the market risk, although this depends on the nature of the existing products and services.
The organizational model will need to be adapted to suit the shift toward IT as a service to both external and internal clients. Since the business dynamics for external service provision are different, dual-track organizational models are often necessary. Creating a separate independent legal entity for external IT services is one option. However, while this may have advantages in terms of short-term share price and circumventing legacy issues, it also diminishes the significant potential benefits that market exposure brings to internal IT capabilities. Irrespective of the legal model, external service provider teams will need to incorporate new customer-facing functions and design themselves as more agile and responsive (e.g., by having flatter hierarchies and more flexible teams). Performance metrics will be different for these teams (e.g., including revenues and net promoter score to reflect customer satisfaction). Internal service provider teams will need to retain corporate metrics (e.g., uptime and productivity). Resource allocation is a key issue, often requiring new governance approaches, such as setting up a technology prioritization board. Usually, there will be a need to ring-fence critical internal resources to guarantee a minimum capacity to service internal corporate needs.
Externalizing IT services creates pressure to optimize cost structures, such as through IT landscape rationalization, cloud-native adoption, and automation, leading to efficiency gains that also benefit internal IT operations. Expanding services for the external market provides both a challenge and an opportunity to change the cost base, benefit from economies of scale, and reduce per-unit IT costs for internal as well as external services. On the revenue side, there is the consideration of creative options for pricing and go-to-market, including alternative business models (e.g., pay-per-use, subscription, licensing, white labeling) and new partnerships. A robust business plan with a comprehensive up-front analysis of total cost of ownership and ROI is essential. A phased approach, which monetizes low-risk/high-value opportunities first, helps ensure the controlling of financial risks.
Legal and regulatory advice should be accessed and secured at an early stage during business planning. Strengthening compliance also has benefits in terms of better internal governance and reduced compliance risk. As mentioned above, one issue is whether to create new legal entities and new contract forms suitable for the new IT services. Under GDPR and other similar regulations in other regions outside Europe, DPAs need to be set up with customers who may be accessing corporate data as part of the services and/or whose data may need to be accessed in order to provide the services. This normally requires conducting a formal Data Protection Impact Assessment. The “privacy by design” standard, which calls for the consideration of privacy throughout the whole engineering process, may need to be applied. Other certifications (e.g., ISO 27001 and SOC 2) may need to be sought. Under existing and emerging AI regulations, if the new services include AI, then the company may need to introduce new safeguards, such as stringent AI model evaluations and bias testing, systemic risk assessment/mitigation, stricter cybersecurity, and greater reporting obligations, including energy efficiency. Overall, enhanced regulatory discipline fosters greater stakeholder trust and accelerates innovation by removing legal roadblocks early.
Providing external services usually requires the development of new skills and capabilities. One key area is continuous innovation and agile working, including rapid development of offerings using pilots and minimum viable product approaches. Customer centricity is another key area, including skills such as understanding customer needs, developing propositions, and managing the customer interface. Marketing and commercial skills like market analysis, pricing, business development, account management, and sales may also be valuable, even if there are other corporate functions dedicated to these areas. These skills also enhance the capabilities of the internal IT function.
Case study — Creating more value from IT & AI for an airport operator
One of the world’s top three airport operators sought to unlock new revenue streams by capitalizing on its strong capabilities in technology and AI, as well as its extensive data assets for training AI models. The concept included providing airport IT and software services both within the group and to external clients while also supporting group-wide convergence of IT architecture. With support from ADL, a strategy and organizational model was developed to establish a new entity to realize this ambition.
The first step of the strategy involved analyzing the IT airport solutions market and the role of AI and generative AI (GenAI) as key disruptive technologies.
This enabled the identification and assessment of a series of strategic positioning options. Possible organizational models were developed for the creation of a new tech business unit, allowing leadership to align on the best strategic positioning and organizational model to achieve it. As part of this exercise, new policies were developed to meet regulatory and legal requirements, including group data management and IT governance. A new collaboration between different group entities was initiated through specific and concrete GenAI initiatives. The value creation potential of the new services is expected to be in the order of several hundred million euros over a five-to-eight-year timescale.
The market for digital solutions is booming, with technology spend at an all-time high and IT capabilities now critical to business success. In this context, organizations have a timely opportunity to turn IT from a cost center into a profit engine by monetizing their in-house capabilities. However, capturing this value requires careful attention to challenges by taking five key actions:
The payoff is a virtuous cycle: external IT services not only generate new revenue but also feedback to accelerate internal IT improvements — strengthening service orientation, agility, innovation, and alignment with strategic goals. Ultimately, companies that embrace this shift will reap the full benefits.
By Michael Majster, Joeri Samyn, Jean-Pierre Leotard, Mattias Jonniaux, Nicolas Mennig
cloud technology axon
Headquartered in France with an established footprint across the Unite...
