What Is Shadow IT?

Cyber Security

So what exactly is Shadow IT? You’ve probably heard the term before but you might not be sure what it actually means. Where does the term Shadow IT come from? 

What does the term ‘Shadow IT’ mean?

Shadow IT gets its name from the idea it is something being used in the shadows, without the IT team’s knowledge or consent. 

The term ecompasses any technology or software used to try and bypass the controls and limitations placed on the organisations IT systems. 

You might be wondering why people would look to use Shadow IT and not work within the existing system. Most commonly it is because users feel they can not get the agility or functionality they need or want from the existing systems and software. They may not agree with some of the controls placed on them by the IT system so look for a way around them. 

More often than not, using shadow IT is not a malicious action but one that is taken out of frustration and in a bid to increase productivity.

With that in mind, to some extent it could be argued shadow IT has benefits for a business. 

While it can be viewed as a good thing, with potential benefits for the business if staff are motivated and working more productively, innovating, and being more efficient, there are also a lot of potential dangers. 

Why can Shadow IT be dangerous?

First of all it’s worth considering that there is usually a good reason that controls and restrictions are put in place, and that is to protect the business and its users. 

Placing controls on access and sharing of certain apps, data, files and websites helps to stop malware infection, leaking of sensitive data, or accidental damage.

It’s also important for IT departments to have an overview of the entire IT ecosystem so adding in unapproved programs can cause a lot of issues with security and compatibility.This type of action can also easily undermine the existing security policies and could even break compliance which cause the business legal and financial issues. 

Another issue is that the long term strategy for IT and digital transformation projects can’t work if users are using old software and tools that are no longer officially supported. Training staff on new software and tools is essential to encourage adoption of the new solutions.  

Ineffective costs

Businesses have a budget for IT and invest in processes, systems, and infrastructure as part of a strategy for the organisation. Part of the goal when working within the strategy will be to measure how successful it is, and look at what the return on investment is. Shadow IT causes issues with this in a few ways. One is that users working with shadow IT are getting the budget from other sources in the business which is not intended for IT expenditure. Another issue is that the authorized solutions that have been invested in, deployed, updated and maintained have a cost and this will be wasted if they are not being used as intended. 

Is Shadow IT becoming a bigger issue?

Unfortunately it seems like more users are resorting to shadow IT. With more people working remotely users are facing more IT challenges and frustrations in trying to perform their jobs. 

In fact there has been a sharp 59% rise in shadow IT usage since March 2020. 35% of employees admitted to using workarounds to get past business security policies to complete their work.

It has been reported that around 1 in 5 organisations have been breached by a cyber-attack due to shadow IT. This stat alone shows that there are serious dangers in the practice that can have negative effects on a business.

You might also be interested to know some of the most popular Shadow IT services users are implementing without the consent of the IT department. 

It ranges from popular messaging apps like WhatsApp or Snapchat, or comms apps like Skype, Slack, and Microsoft Teams, to cloud storage tools including Google Drive and Dropbox. 

The issue for businesses and IT departments is that without control over the tools and systems, the IT policies can not fully protect the business. For users, tools that don’t allow for productivity and ease of use cause frustration and a lack of efficiency. 

The solution needed is that IT departments and users work together to ensure the best tools for the job are securely deployed into the IT ecosystem.  


Computers in the City, your IT partner

Computers in the City is London’s longest-standing IT partner. With over 20 years’ experience, we can assist you to meet your IT support, consulting and cloud computing needs. We’re proud to be local, offering 24-hour support in straightforward language that takes the stress out of IT support.