laptop & mobile phone on desk in low light

What is shadow IT? The risks, costs and benefits.

Summary

How to manage, protect, and control shadow IT.

Time: 9 minute read

Shadow IT exists in almost every business and organization. The word “shadow” gives it an ominous tone. But it’s not really.

The IT professionals who support your organization know about it. They may even encourage some elements of it.

You may even be involved.

Shadow IT is rarely a hidden practice. It does come with risks and costs – but also potential benefits to both employees and the business.

In this article, we will:

Answer the question, what is shadow IT?
Share common examples
Explain the risks and dangers
Explore the challenge presented by a remote workforce
Discuss the benefits of shadow IT

At the end, we’ll also provide a checklist to help you identify and manage shadow IT in your organization.

What is Shadow IT?

Shadow IT describes all of the devices, applications, platforms, and technologies used outside your IT department or provider's control and knowledge.

We'll share some examples in a moment, but it's important to note that rarely do employees do this to “get around” IT or company policy. In most cases, employees or departments find a tool that they like, which helps them do their job better.

The use of non-managed applications and technology can reflect individual user preferences. It may also reveal issues with the tools selected for use by employees and departments. For example, some problems could be as follows:

Lack of training. Without proper training, a user may not fully understand how to use a new platform or application. Previous tools – like those used at a former job – may be preferred. Users cannot replace a customer records management tool (CRM); however, they may use alternative applications to work with the tool's data.
No input. Employees live in the process. They often know what they need to be more efficient. Asking for their input when choosing tools and technology goes a long way to reducing third-party tool use.
Too difficult, too slow. IT-controlled VPNs and file shares can be slow and difficult for employees to use. Cloud storage applications make it easy. All employees need – especially remote workers – is an internet connection.

Examples of shadow IT

Your IT group manages your network files and applications.

But what about GoogleDrive™, DropBox®, or OneDrive™? Task management tools like Trello and Click-up may help organize workflows, but they can also put company information outside your company's security protocols.

Or perhaps a department uses one of seemingly limitless third-party software-as-a-service (SaaS) platforms. The abundance of possible SaaS solutions and applications makes it impractical to list them all.

Another shadow IT practice is bring-your-own-device (BYOD). Some IT groups support this practice when they allow users to connect their personal smartphones and tablets to the internal network.

In each case, the application or device engages with business systems and data outside IT control and monitoring.

The risks of shadow IT

Does data security leap at you as a significant risk of shadow IT?

If so, you’re right. But data security risks aren’t the only problems shadow IT practices create. Let’s take a closer look at the most significant ones.

Data security. Uncontrolled and unmonitored endpoints like smartphones and third-party cloud applications become open gateways into an otherwise secured network. Even if your network and application are secured, the data transmission between the two may not be. This can be especially true for remote workforces. When it comes to data security, shadow IT is a cybersecurity nightmare.
Compliance. Data security and compliance are closely related. Shadow IT practices pose a threat to compliance even if your data never becomes compromised, depending on your compliance requirements (HIPAA, Sarbanes-Oxley, or PCI, for example).
Efficiency problem #1: Time lost. The use of non-supported applications requires that the user solve any technical issues that arise. While many employees today are quite capable of solving technical problems, doing so takes time away from core business activities and although responsible employees will work “overtime” to see that the job gets done, this extra time eats into their personal hours. Employee frustration and dissatisfaction often result, directed at IT – for not providing the tools needed!
Efficiency problem #2: Collaboration disconnects. When users choose their own tools and platforms, the potential for non-compatible file types increases. This can interfere with collaboration efforts in terms of how time is spent, i.e., solving technology issues rather than productive activities.

These four represent the most common and significant problems of shadow IT to an organization. In recent years, a new element has only added to – and complicated – the reality of shadow IT.

finger typing on a keyboard in low light

Shadow IT and your remote workforce

The increase in remote workers has created an influx of new unsupported hardware, software, and cloud applications. Some of these should be controlled, others are just a reality of the remote work model and are best left that way.

For example, IT departments aren’t supporting home gateways (the physical hardware sometimes called modems or routers by internet service providers or ISPs). And the thing is, they don't want to.

Most IT departments aren't supporting home printers or other family devices on the same home network shared by the business laptop, PC, tablet, or smartphone either.

Shadow IT is just part of remote work. If a company finds its remote workers using a lot of third-party or unsupported applications, that may be an indication of an opportunity to streamline consolidate systems. Either way, shadow IT introduces potential security gaps, but it also offers many potential benefits, the ability to work remotely being one.

The Benefits of Shadow IT

Without question, the cons of shadow IT are its significant risks. As such, you might think IT professionals would only see those and seek to prevent it.

The opposite is often true.

For example, one survey of IT professionals reported:

97% said employees using their preferred technologies are more productive
80% said their company should embrace the technology requested by employees
77% believe their companies would be more competitive if leaders collaborated with employees on technology solutions

These responses reveal that shadow IT has positives too. These benefits include:

Increased productivity. Employees get more done when they use the tools and applications they like and with which they are familiar.
More eyes looking for better tools. Finding new technology may once have been the responsibility of technology professionals and department managers. Today, many employees are plenty comfortable searching for tools to make their jobs easier.
Expert insight. Employees have two pieces of knowledge that make them the perfect source of insight for ways to increase efficiency and drive productivity: 1) practical, day-to-day experience with the task, and 2) the inefficiencies in the process.
Empowered employees. When employees contribute to technology selection, they buy-in more to the company and its goals, taking greater responsibility for their work and company success.
Lower technology and office costs. In some cases, shadow IT can save organizations a bunch of money. Bring your own device (BYOD) removes the expense of providing mobile devices to employees. On the upside, they reduce office expenses such as leases, equipment rentals, IT hardware, utilities, etc.

How to manage shadow IT in your business

How a business manages shadow IT will depend on where it finds the greatest need among third-party applications, personal devices, and remote workers.

For some businesses, managing hardware and security may be the issue. For others, it could be applications users have chosen for more productive workflows. Collaboration could also drive the need. (Zoom, for example, was recently embraced by many companies to ensure their teams could continue to meet.)

Regardless of the driving factor, many solutions are available to manage and keep shadow IT under control.

Managed IT services.

woman assisting another woman at a computer workstation

Technology has become so mobile and diverse that few IT departments have the resources to monitor and track every device, 24 hours a day, 7 days a week. An increased remote workforce has only stressed already stretched resources. Third-party managed IT service providers offer comprehensive IT services with enterprise-level tools to monitor, track, and manage an organization’s infrastructure, devices, and more.

Explore managed IT services

Cybersecurity services.

man sitting at a window in a public place

Bring-your-own-device and remote workforces create security gaps that malware, ransomware, and other cybersecurity threats can exploit. The challenge of protecting endpoints like laptops, PCs, smartphones, and tablets has grown, especially when they can connect to the internet through unsecured connections. There are ways to manage and protect all of these shadowy endpoints. For companies with limited resources, managed security services can help.

Learn about cybersecurity services

Cloud applications.

people at a meeting table and one with a tablet

Many employees use cloud applications like Google Docs or Trello or Slack to get around clunky VPNs. These applications also offer easier accessibility, simpler sharing with others, and workflow management tools. Embracing cloud applications that meet specific needs across the organization can bring all applications back into a supported infrastructure. Here's a quick snapshot of how to do it:

Identify all the shadow applications being used.
Learn from the users why they chose them.
Build a cloud infrastructure or migrate your applications to the cloud.

View cloud solutions

Document management.

multiple people reviewing documents against content on a tablet

Centralized document storage with workflow automation can streamline processes, eliminating the need for shadowy add-ons. A document management system enables you to control document access. Creating workflows that keep tasks and approvals moving is simple. You also eliminate many manual processes, especially those impacted by remote workforces.

See document management solutions

A well-defined change management process.

three people in a meeting reviewing documents and tablet

Often, employees start using shadow IT tools because their current tools don’t meet their needs – and they’ve found a way to be more efficient. You can capitalize on this valuable knowledge to develop solutions through a change management process.

Make shadow IT your gateway to a competitive advantage

There’s no question shadow IT presents severe risks to businesses. It does have an upside, however.

When employees engage outside technologies, they’re telling company leaders that opportunities exist for greater efficiency. They also reveal that they are engaged. After all, they wouldn’t search out ways to be more productive if they didn’t want to be effective.

As an IT professional or business leader, you can harness this activity and insight to streamline your business processes. We know. We help businesses do it all the time. If you’d like to learn more, contact us.

Recommended for you

Defining Hacking & 11 Essential Hacking Terms

What is hacking? Learn about hacking threats and 11 essential hacking terms to protect your data, your business & your employees against cyberattacks.

Digital Forensics for Kramon & Graham

Learn how Ricoh's Digital Forensics Services helped Kramon & Graham recover $8.5 million through a default judgment, prove data wiping and spoliation of ESI.

Information governance solutions

Information governance services, including policies and procedures, help you ensure data is managed, secured, shared and measured effectively.