What is Shadow IT? Answers to Common Questions.


A visualization of shadow IT

Shadow IT Explained

Shadow IT is the use of IT hardware or software by an individual without the knowledge of IT within the organization.

With the rapid proliferation of mobile devices and cloud-based services, IT has moved from being a tightly controlled environment to being an open environment with a great deal of stakeholders and movement. Users have become comfortable downloading and using apps and services from the cloud to assist them in their work, and will do so with or without company approval.

According to Cisco in 2016, 80% of end users use software not cleared by IT, 83% of IT staff admit to using unsanctioned software or services, and only 8% of all enterprises actually know the scope of shadow IT within their organization. And shadow IT has only grown since then.
SaaS management software can help by providing both visibility and control of apps throughout the organization.

What are the problems with Shadow IT?

Every new device and application added without IT’s knowledge runs the risk of creating a security gap. Additionally, redundant apps, lapsed subscriptions, siloed data, and collaboration inefficiencies are other common problems.

In a world where malware can take down systems in the blink of an eye, one wrong move can leave reams of data unsecured, and that can be a scary thought. A well intentioned-user can end up doing more harm than good and at the end of the day IT, and more specifically the CIO, will be on the hook.

But are there any benefits?

People use Shadow IT for a reason: Flexibility. One of the more common motivators for a user of shadow IT to choose an “unapproved” app is because it is more efficient and effective than what the IT department has chosen, and chances are pretty good that the employee hired to play a specific role may know a bit more about the tools of their trade than IT.

Despite the security dangers, shadow IT gives users a way to quickly and easily get the tools they need to be more productive and interact smoothly with co-workers, customers, and partners.

Common Types of Shadow IT

Common shadow IT examples include:

  • Productivity apps (Trello, Slack, Asana)
  • Messaging apps on corporate-owned devices (Snapchat, WhatsApp)
  • Physical devices (flash drives, external drives)
  • Cloud storage (Dropbox, Google Drive)
  • Communication apps (Skype, VOIP)

What Is The Risk of Shadow IT?

With the spread of information technology into consumer hands, hundreds of these applications are in use at the typical enterprise. The opacity surrounding each one represents a security gap. Although some applications are harmless, others include functionality such as file sharing and storage, or collaboration, which can present big risks to an organization and its sensitive data. IT and security departments need to see what applications are being used and what risks they pose.

How to Detect Shadow IT

There are some technical steps you can take to sniff out shadow cloud and IT services, including:

  • Firewall logs
  • Web proxy logs
  • Data loss prevention tools
  • Network-aware monitoring tools

You can set up an automated process with any combination of these tools to alert admins about new cloud usage as soon as it is discovered. However, there might be areas where visibility is limited, and the setup process itself is a heavy lift.
Mobile creates an extra wrinkle, as SaaS applications do not necessarily travel through your business’s network.

How to Prevent Shadow IT

It’s not entirely preventable, but there are preventative steps you can take. A culture change to a collaborative environment lets IT and business teams share goals and stay aligned. Clear processes for requesting new apps and a quick turnaround time for new app requests keeps employees feeling listened to and productive. Training about internal processes and the risk involved with shadow IT, and transparency around what is in use by other teams will help employees feel empowered to go through the right channels rather than install their own apps.

SaaS Management

SaaS management software such as Blissfully can help by providing both visibility and control of software-as-a-service (SaaS) apps. Blissfully allows users to see all SaaS apps in use and who is using them, optimize spending, manage vendors, and provides a central place for data security and compliance. Try Blissfully free today.

Or for more information about IT management and Shadow IT, read our Collaborative IT Guide.