Why Cities Are Struggling to Track the Software They Use

How many software tools is your city using? One CIO couldn’t answer that question—and the reason why is eye-opening. Departments are buying tech without IT’s knowledge, and it’s putting sensitive data at risk.

At Marketplace.city, we’ve seen a growing trend across local governments: a proliferation of software tools being used—often without centralized oversight or coordination. A recent conversation with a CIO from a major U.S. city really brought this issue into focus.

During our meeting, I asked her a simple question: How many different software tools is your city using right now? Her response? “I honestly don’t know.” And it wasn’t for lack of interest—she simply didn’t have access to that information. Why? Because many of the city’s departments were independently purchasing software tools without involving IT.

One example she shared was particularly eye-opening. A juvenile detention center within the city had licensed a cloud-based visitor management system. This system collected and stored sensitive information—details about juveniles in custody, visitor identities, and background check data. But the detention center hadn’t consulted IT before making the purchase. They paid for the service with a city credit card and started using it immediately.

When the CIO confronted the team about the lack of vetting, their response was, “This isn’t technology. It’s just a website.” In their minds, the distinction between an installed application and a web-based tool exempted them from going through proper IT protocols.

But of course, this is technology—and it involves sensitive data. The CIO rightly pointed out that this kind of data use needs to go through cybersecurity reviews and follow city data governance standards.

This disconnect—between what constitutes “technology” and who’s responsible for managing it—is becoming increasingly common. Many city departments view SaaS products as plug-and-play tools, not realizing that even the most basic cloud service can carry serious implications for data security, privacy, and compliance.

And so, some cities are starting from square one: simply trying to figure out what’s in use. Without a centralized inventory or system for procurement oversight, IT leaders are forced to play catch-up—trying to secure and standardize an ecosystem that’s already sprawling.

This is the challenge we help city leaders tackle every day: bringing visibility and structure to their growing portfolio of tools, so they can govern smarter and protect better.

Want to gain visibility into your city's software ecosystem? Learn how Marketplace.city can help.