Learn about shadow IT, common examples, the latest statistics, the risks and benefits of unmanaged apps, and how to discover and manage shadow IT.
With the consumerization of information technology and steadily increasing adoption rates of cloud-based services, shadow IT has become an important topic that won’t go away anytime soon.
In fact, current trends show that individual employees are responsible for 50% of all cloud app purchases, while 35% is procured at departmental levels and only 15% can be attributed to IT teams. This means that the majority of purchases happen without the knowledge of the IT or security group within an enterprise.
In this article, you’ll learn more about shadow IT, the associated risks, costs and benefits, and how to successfully discover and manage the software that’s off the radar.
Shadow IT describes the procurement and use of IT-related hardware or software without the explicit approval of IT departments. This includes hardware and off-the-shelf packaged software, but most commonly cloud services, including SaaS (software as a service) and IaaS (infrastructure as a service).
Even though unmanaged apps can refer to many things, the main concern enterprises have today is the increase of SaaS applications that haven’t been approved by IT departments. After all, employees feel increasingly comfortable with downloading apps and services that help them get their job done. And while this relatively new phenomenon comes with its risks and challenges, it also has its benefits like increased productivity, fewer bottlenecks, and immediate problem-solving. Thus, shadow IT doesn’t deserve the negative reputation it currently has.
Next, learn about the most common shadow IT examples and the three main software categories they belong to.
Most SaaS applications that are purchased by individuals and lead to shadow IT fall into one of the three main categories: productivity, communication and collaboration. As there are constantly new providers and applications with various new features, employees tend to choose the apps that best suit their needs and update software whenever they see fit. Below are some examples of typical shadow IT applications.
Productivity: More often than not, these are apps for better project management like Trello or Hive that allow employees to assign tasks and keep track of time and progress. Other productivity apps are designed for social media management like Hootsuite or help employees check the quality of written output like Grammarly.
Communication: Especially with an increase in remote job opportunities, communication tools are more important than ever. SaaS applications like Slack allow for easy communication and video conference applications like Zoom or Webex help remote teams hold video conferences and allow screen sharing.
Collaboration: Since sending big attachments via email isn’t always possible, most teams use different file-sharing tools like Dropbox or OneDrive to upload and share files. And of course, there’s a whole collection of SaaS tools for working collaboratively. The best examples are Google Docs or apps for better workflows featuring discussion boards and real-time notifications.
When it comes to hardware, common shadow IT includes items like servers, PCs, personal laptops, tablets, smartphones, or hard drives.
There are a few reasons why shadow IT applications have become more common in almost every enterprise. One of them is directly linked to the rapid growth of cloud services and software as a service, which are easily accessible for employees on all levels.
Remember that 85% of all cloud app purchases are made by non-IT team members. Plus, the average employee is becoming increasingly tech-savvy and doesn’t usually wait for IT teams to approve of solutions that enhance their efficiency and productivity.
On top of that, most businesses experience a shortage of developers. That means teams take matters into their own hands instead of waiting for busy IT experts to develop an in-house solution to a problem.
More often than not, there is also a mismatch between the business and developers: many applications designed for developers neglect certain business aspects, which leads managers and their teams to look for quick fixes.
Since shadow IT seems to be on everyone’s radar, there is an increasing amount of research investigating its usage and impact on enterprises around the world. Below are five recent shadow IT statistics that might leave you surprised.
As the above data suggests, shadow IT is difficult to control and still an untapped field for most organizations. However, it doesn’t have to have a strictly negative impact on a company but can be a source of employee productivity and empowerment. But first, learn about the specific risks that are associated with shadow IT.
Considering how many employees procure SaaS applications without prior IT approval, there are certain risks that are growing alongside the amount of shadow IT. However, if IT departments and leadership know about these challenges, they can make better-informed decisions and mitigate problems as soon as they arise.
Below are the 5 biggest shadow IT risks that you should be aware of:
Security issues: With more than half of all organizations not including shadow IT in their IT threat assessments, shadow IT introduces new security gaps to any enterprise. While some applications might be harmless, others could promote data leaks. Thus, IT departments should at least be informed about which apps are being used for file sharing and more.
Non-Compliance: To protect their customers, clients, and business partners, organizations are subject to stringent compliance regulations that are enforced by their respective governments. In case of non-compliance due to shadow IT, a company can face hefty fines should unapproved software jeopardize the confidentiality of sensitive data.
Configuration management: IT departments invest a good amount of their time to create the perfect IT workflow with the help of a configuration management database (CMDB). When shadow IT is introduced, it’s likely not supported by the CMDB as the right people don’t know of its existence. This could lead to a disruption of the existing system workflow.
Collaboration inefficiencies: When teams rely on different apps to get their job done, collaboration might decrease or become less efficient. Example: If one team uses Google Drive for file sharing and another team uses Dropbox, documents will get uploaded, downloaded, and edited multiple times.
Lack of Visibility: Shadow IT truly lives up to its name, meaning that it is invisible to IT departments. Even though SaaS applications typically don’t take up much space, they can impact the bandwidth or simply break. If a team heavily relies on a broken app that IT doesn’t know about, it’s difficult to provide quick fixes or solutions.
While the risks and challenges that come with shadow IT can’t be denied and shouldn’t be ignored, there are also numerous benefits that enterprises are starting to embrace. One of them is improved productivity. When employees find that the current solutions aren’t sufficient, they’re looking for ways to increase their productivity by using suitable SaaS applications. That way, they also get to use the tools that they prefer.
Some sources also suggest that employee satisfaction is much more important than employee productivity. Slow IT approval processes can cause great frustration and a lack of motivation. However, if employees are empowered to find their own solutions, their satisfaction goes up and ultimately, also their quality of work. On top of that, new technology trends are adopted much more quickly if every employee keeps an eye out for new tools.
However, keep in mind that it’s important to communicate the risk of shadow IT to your employees and let IT teams review new solutions in an unbiased manner.
It’s not a surprise that the outlined shadow IT risks also come with a financial burden. And there are various types of costs that can occur when the negative aspects of shadow IT start outweighing their positive ones. But where do these costs come from? Most of them fit into one of the two categories below.
Security costs: When technical oversight is lost, data breaches or ransomware attacks can occur much more easily. And in the worst-case scenario, these incidents cost companies millions of dollars – in the US, a data breach costs a company $8.19 million on average. Then there are also compliance costs: Organizations in highly regulated industries can incur high penalties for using unauthorized applications.
Operational costs: Shadow IT could be in the way of long-term IT strategies and accumulate operational costs that could be avoided. Reasons are under-utilized licenses, duplicate licenses, and missed discount opportunities for organization-wide procurements. Plus, there’s a good chance that shadow IT isn’t properly integrated, causes compatibility costs, and hampers productivity between teams.
The more your organization adopts a cloud-first approach, the more you will have to deal with shadow IT. However, you don’t necessarily have to suffer under the challenges and associated costs. In order to mitigate the risks and to embrace the benefits that this trend has to offer, shadow IT needs to be discovered and properly managed.
The process described below enables you to discover, detect, and audit any shadow IT application that your employees use.
In the first step, you need to know what is actually in your environment. Discover all apps in your software portfolio by using Enterprise Architecture, SAM, or SaaS management platforms. Manual discovery methods prove to be inadequate and time-consuming.
Once you have a complete inventory, you’ll be able to store a variety of characteristics for each application, e.g., number of licenses, seats, users, total spend, purchase type, renewal period, etc. Knowing each characteristic will enable you to establish accountability of applications that will help you to act on the findings moving forward.
Do apps comply with your enterprise’s standards? With an overview, you can perform risk assessments on all applications you discovered in the first step. You can also find out if an app is associated with a recently published security breach. Assessments described below can prioritize actions you take. These can be done based on the following criteria:
Data security risks: Analyze security certifications and technical measures maintained by the vendor.
Regulatory compliance: Gather information on where data is stored, who has access, and vendor compliance certifications (GDPR, CCPA, SOX, and HIPAA).
Business risks: Assess whether vendors are future-proof and can generate lasting value for customers and shareholders.
In the next step, you can leverage integrations and API connections to track application usage patterns and identify underutilized purchases. A best practice for analyzing applications is to begin with:
Data gathered from the previous steps helps you rationalize applications according to which applications are needed, by whom, and for how long. At this stage, companies must define their needs and take steps to optimize or retire unused software. Best practices for evaluation and rationalization can be done through:
With a controlled intake and usage awareness, companies can build a process around buying SaaS applications to avoid recurring rationalization. Best practices around buying and renewal processes are to:
Since there’s constant movement in a cloud environment, you need to keep monitoring your network and keep a record of new applications. Plus, many SaaS apps are updated on a daily basis, so there might be policy changes that you shouldn’t miss.
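The inventory, usage, and monitoring steps above can be sketched in a few functions. This is an added example, not code from the original article or from any SaaS management product; the inventory figures, the observed-app feed, the 50% utilization threshold, and the proportional idle-spend estimate are all assumptions made for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass
class App:
    name: str
    category: str      # productivity / communication / collaboration
    seats: int         # licenses purchased
    active_users: int  # users seen in the review period
    annual_spend: float
    approved: bool     # reviewed and approved by IT

# Constructed inventory; all figures are invented for illustration.
INVENTORY = [
    App("Slack", "communication", 200, 180, 24000.0, True),
    App("Zoom", "communication", 150, 45, 22500.0, True),
    App("Dropbox", "collaboration", 40, 35, 6000.0, False),
    App("OneDrive", "collaboration", 200, 190, 0.0, True),
    App("Trello", "productivity", 25, 5, 3000.0, False),
]
# Constructed monitoring feed: app names seen this period (e.g. SSO or expense export).
OBSERVED = ["Slack", "Zoom", "Dropbox", "Hive", "Trello", "Grammarly", "OneDrive"]

def new_apps(inventory, observed):
    """Apps seen in monitoring that have no inventory record yet."""
    known = {a.name.lower() for a in inventory}
    return sorted({o for o in observed if o.lower() not in known})

def underutilized(inventory, threshold=0.5):
    """(name, utilization, spend on idle seats) for apps below the threshold."""
    out = []
    for a in inventory:
        if a.seats == 0:
            continue  # no purchased seats, nothing to measure
        util = a.active_users / a.seats
        if util < threshold:
            idle_spend = round(a.annual_spend * (1 - util), 2)  # assumed proportional
            out.append((a.name, round(util, 2), idle_spend))
    return sorted(out, key=lambda r: r[2], reverse=True)

def overlaps(inventory):
    """Categories where an unapproved app duplicates an approved one."""
    by_cat = defaultdict(lambda: {"approved": [], "unapproved": []})
    for a in inventory:
        by_cat[a.category]["approved" if a.approved else "unapproved"].append(a.name)
    return {c: v for c, v in by_cat.items() if v["approved"] and v["unapproved"]}

if __name__ == "__main__":
    print("new:", new_apps(INVENTORY, OBSERVED))
    print("underutilized:", underutilized(INVENTORY))
    print("overlaps:", overlaps(INVENTORY))
```

Apps returned by `new_apps` are the ones to feed back into the risk assessment step before they are either approved or retired.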
Automated monitoring ensures repeated rationalization and reduces the need for overly-controlling centralization measures or cuts in the wider enterprise. Regular reviews will help make sure:
In this day and age, shadow IT comes with the territory of cloud-based environments and is difficult to avoid. That’s why you should focus on its benefits while managing the associated risks in an effective way.
By understanding what shadow IT is and knowing its potential impact on your enterprise, you can address challenges and create a culture of employee empowerment and productivity. This involves strategic shadow IT discovery, getting all departments on board, and the openness to technical innovations even if they disrupt the status quo.
After all, employee satisfaction translates into productivity which has a positive effect on your products, customers, and overall growth.