What is Shadow IT?

What Is Shadow IT? Know the Basics!

As defined by Gartner, Shadow IT refers to IT devices, software and services outside the ownership or control of information technology (IT) organizations.

These are any IT projects that are managed outside of – and without the explicit approval of – the IT department of your organization.

If you’re thinking, “Well, my employees know better than to do that,” think again. According to CIO, studies by Gartner show that shadow IT makes up a whopping 30–40% of IT spend in large enterprises. Research by Everest Group finds it comprises 50% or more. It’s far more common than one might think, but the presence of shadow IT and End User Computing applications (EUCs) isn’t always a bad thing.

Why does it happen?

As boards and management take a greater interest in security and risk management (and that’s understandable, particularly at a time when third-party breaches are rampant), there’s a greater obligation being placed on security teams to translate their work into a business context. Shadow IT gains traction when communication between security and the rest of your organization is lacking or breaks down.

According to a survey by Cisco, participating CIOs guessed that there were 51 cloud services running on their organization’s company cloud. The real number? A significantly larger 730.

There are a few main reasons that may be encouraging the rise of shadow IT in your organization:

  • Everyone now has access to data and technology tools. From marketing to sales, anyone can access data and use it as they see fit.
  • IT may be overwhelmed – and if it moves too slowly for other departments, they may take matters into their own hands. Technologically savvy teams are less likely to wait for your IT department and more inclined to look for alternative solutions that they can roll out themselves.
  • According to a study from a few years ago, the biggest users of shadow IT services were IT employees – possibly because they felt that they were better equipped to handle the risk involved.
  • Third-party services and cloud providers make it easier to install solutions, and as technology progresses the complexities around advanced solutions such as AI and machine learning are reduced. This makes these providers more and more appealing to employees, both in your IT department and across the organization.
  • As hybrid work environments become the norm after the COVID-19 pandemic (and if you think they won’t…think again), the large number of people working from home will only increase the number of shadow IT projects.

Shadow IT examples

Most shadow IT examples will sound very familiar to you. They include End User Computing assets and applications that comprise ‘a system in which individuals are able to create working applications beyond the divided development process of design, build, test, and release that is generally followed by professional software engineering teams’. Some examples of shadow IT systems and apps include:

  • Online cloud storage

There are a huge number of online or cloud-based storage services available to everyone today, from Dropbox to Google Drive. They offer users a very quick and simple way to store and manage files online – but these solutions may not have been vetted and approved by your IT department.

  • Productivity apps

Slack, Asana, Trello – all of these familiar names are examples of shadow IT when they’re not administered or approved by IT.

  • Physical devices

Flash drives and external drives may seem secure because they are physically with you, but they should still be approved.

  • Communication applications

Skype, Voice over Internet Protocol (VoIP) and especially Zoom have become extremely popular and important both during the pandemic and as we settle into our post-COVID reality.

Exposed by EUCs: A Forbes survey found that more than 1 in 5 organizations have experienced a cyber event due to an unsanctioned IT resource.

Bottom line? While it feels like everyone is using these services today, they should first be deemed “secure” or “company standard” by the IT department.

The business benefits of shadow IT

We’ve taken a look at what causes shadow IT to flourish, and those reasons can be directly related to the benefits that shadow IT offers an organization:

  • Avoiding bottlenecks

When employees are frustrated with the speed of the IT department, they’ll turn to shadow IT to avoid bottlenecks. This is a benefit as it speeds up processes that may otherwise cause unnecessary, vexing delays.

  • Empowering employees

Shadow IT solutions empower each of your employees to take action in manners that they may not otherwise have been technologically capable of.

  • Decreased technology costs

With more solutions scattered across employees, EUCs can take the stress off your IT department and allow it to focus on more valuable matters, resulting in increased productivity. Shadow IT solutions are also often much cheaper than other technology the IT employees may employ.

  • Leveraging employee insights to improve processes

When you have more employees engaged in shadow IT, you have more employee engagement and thus gain better visibility into opportunities for improvement and increased insight into employee needs.

Shadow IT: The risks and challenges

Of course, shadow IT presents a lot of risks and challenges to any organization. Some of the major ones include:

  • Decreased security

Shadow IT applications are not vetted by the IT department, so they don’t undergo the same security procedures and protocols as other implemented technologies. For instance, these applications may not follow best practices around data access controls, backup and recovery – which increases the risk of data loss, including sensitive customer data. IT staff should know what apps are being used so that they can spread awareness of the risks involved, from data breaches to other liabilities.

  • Poor collaboration

While employees may turn to shadow IT applications to increase productivity, the flip side is that having different departments relying on different applications causes difficulties. If one department uses Trello and another prefers Asana, chances are that you’ll see less collaboration and more miscommunication and confusion across your organization.

  • More work for IT

Most shadow IT applications may seem straightforward, but what happens when one breaks down? As more teams run applications, inefficiencies will begin to show and employees will turn to the IT department for help. Not only does this increase workload on IT, it also poses a challenge as they may or may not have the visibility, documentation or knowledge needed to fix the problem.

What can you do to reduce risk?

So are shadow IT applications and End User Computing (EUC) applications welcome in your organization? That’s a decision you need to make based on risks and rewards. The reality is that whether or not you decide to try to limit them, some apps will always be used by your employees. The best thing you can do is implement a means of identifying and monitoring these applications. ClusterSeven can help you take control of data assets that can put your organization at risk.
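
One way to start identifying these applications is to compare outbound web traffic against the list of services IT has approved. The Python below is an added example, not part of the original article and not ClusterSeven's product; the log format, the domain-to-service mapping, the sanctioned list and the function names are all assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed mapping from SaaS domains to services named in this article.
KNOWN_SAAS = {
    "dropbox.com": "Dropbox", "drive.google.com": "Google Drive",
    "slack.com": "Slack", "asana.com": "Asana",
    "trello.com": "Trello", "zoom.us": "Zoom",
}
# Hypothetical list of services IT has vetted and approved.
SANCTIONED = {"Slack", "Zoom"}

# Constructed web-proxy log (assumed CSV export); not real traffic.
SAMPLE_LOG = """\
timestamp,user,department,host,bytes_out
2024-05-01T09:00:00Z,alice,marketing,www.dropbox.com,52000
2024-05-01T09:05:00Z,bob,sales,trello.com,1200
2024-05-01T09:07:00Z,alice,marketing,app.asana.com,800
2024-05-01T09:10:00Z,carol,it,acme.slack.com,300
2024-05-01T09:12:00Z,dave,it,dl.dropbox.com,910000
2024-05-01T09:15:00Z,erin,sales,notdropbox.com,50
2024-05-01T09:20:00Z,bob,sales,us02web.zoom.us,4000
"""

def classify_host(host):
    """Return the service a hostname belongs to, matching on a label boundary."""
    host = host.lower().rstrip(".")
    for domain, service in KNOWN_SAAS.items():
        if host == domain or host.endswith("." + domain):
            return service
    return None  # unknown or lookalike host, e.g. notdropbox.com

def find_shadow_it(log_text):
    """Summarise use of known but unsanctioned services: who, where, how much."""
    usage = defaultdict(lambda: {"users": set(), "departments": set(), "bytes_out": 0})
    for row in csv.DictReader(io.StringIO(log_text)):
        service = classify_host(row["host"])
        if service is None or service in SANCTIONED:
            continue
        entry = usage[service]
        entry["users"].add(row["user"])
        entry["departments"].add(row["department"])
        entry["bytes_out"] += int(row["bytes_out"])
    return dict(usage)

if __name__ == "__main__":
    for service, e in sorted(find_shadow_it(SAMPLE_LOG).items(), key=lambda kv: -kv[1]["bytes_out"]):
        print(service, sorted(e["users"]), sorted(e["departments"]), e["bytes_out"])
```

Ranking by uploaded bytes puts the services most likely to hold company data first, and the department column shows where a conversation about an approved alternative should start.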
