What Shadow IT means for your organisation

Shadow IT represents any technology spend that occurs outside of and without input from the IT department. An estimated one-third of all technology spending falls under this category.

The rise of Shadow IT is as harmful as it is inevitable. Tech savviness is no longer concentrated within the IT department. As more and more digital natives enter the workforce, the demands on the IT department, and business as a whole, are changing. These new users want technology to enable their work, and in many cases they don’t understand why they have a much richer and more robust computing experience at home than at work. They demand, for example, to bring their own devices (such as mobile phones) to work… so why not bring their own IT solutions too?

The cloud has also made it easier than ever to identify and consume IT resources. Implementations that used to take an army of consultants and a matter of years can now be done in a fraction of the time with nothing more than a credit card. Today’s business leaders are armed with the ability to bypass IT.

Causes of Shadow IT

At its core, Shadow IT results from a disconnect between IT and the business. The business believes that IT is being unreasonable in not adapting to its needs, and IT thinks the business is sacrificing long-term environmental stability at the altar of short-term needs.

Shadow IT often grows in an organisation from one or more of the following factors:

  1. IT does not respect its users. We have all seen IT departments that treat users as an inconvenience, and if IT does not show a willingness to engage and cooperate with the user base, the users will find solutions on their own.
  2. IT isn’t innovative. As mentioned earlier, users are more technically savvy than ever before. They have rich computing experiences at home, and they are able to encounter new and powerful IT paradigms through social media. If IT doesn’t deliver innovation, it’s not surprising to see users discover and seek the innovation on their own.
  3. IT is expensive. If your IT department is bloated with bureaucracy, or projects constantly find themselves over time and over budget, users will run out of patience, especially when external providers can deliver powerful Shadow IT with just a few clicks and a credit card.
  4. IT isn’t flexible. Some IT departments can develop a siege mentality, in which any suggestions for improvement are dismissed simply because they differ from “how things were always done.” Users are only human; they will tire of a can’t-do attitude and seek alternative solutions.
  5. IT is too slow. Before the digital age took over all aspects of business and life, it was more defensible for IT departments to deliver solutions more slowly. These days, if the time to deal with requests can be measured with a calendar, users will look to a company that can provide them solutions quickly.

Risks of Shadow IT

Shadow IT has many logical explanations with reasonable causes, but it also presents risks for the average organisation.

The biggest and most obvious risk is data security. Each cloud service has its own data protection and retention practices, and these might not match with your organisation’s requirements, even if the service itself meets your needs. For example, the cloud service might not encrypt data, either at rest or in transit. The cloud service might even have rigid terms of service that entitle it, at least in theory, to your company’s intellectual property.

If an employee who used a Shadow IT service ends up leaving the company, he or she could still have access to the cloud service, which might hold important data belonging to both your organisation and its clients. This is a major risk to the company’s long-term client retention and its reputation in the industry.

Tribal knowledge is another key risk of Shadow IT. Even if the credentials don’t leave with an employee, the knowledge of how to utilise the service might leave when that employee decides to move on. This could render the shadow service completely useless.

Fixing Shadow IT

Fortunately, Shadow IT is not the end of the world (or your business). While it is unavoidable, embracing and managing it helps reduce the risk of negative impact and ensures that all uses of technology create value for your organisation, whether they were approved or not.

If you are looking for a quick guide on addressing issues caused by Shadow IT, check out our 5 Step Plan of Attack on Shadow IT.

The most important way to combat Shadow IT is to engage with your users as active partners, rather than an annoyance or a hindrance. Opening lines of dialogue, such as what DevOps encourages, can strengthen the bond between IT and the business and bolster each side’s sense of common purpose. This could in time eliminate the need for Shadow IT solutions.

The IT department has many core competencies, including standards, process, and best practices. For the long term, it would be easier for an IT department or a Managed IT Services Provider to sit down and develop objective standards for any external cloud service, against which the business can gauge a proposed solution, rather than treating each request on an ad hoc basis. As a result, IT can still become the overall arbiter of technology, as well as the keeper of standards and best practices. It’s a departure from the historical “we build everything” idea, and a great way for IT to fit into the paradigms of modern-day business.


Shadow IT was the result of numerous factors and developments over the past decades, including increased technical knowledge among end-users and increased gatekeeping and inertia from IT. A new sense of partnership, and a promulgation of key standards and best practices, can allow the IT department to embrace the new reality and bring business tech out of the shadows.
