Are you Aware of Shadow IT?

Posted by Theresa Hietpas

Oct 14, 2015 11:38:34 AM

Understanding Shadow IT

“Shadow IT” is a term for the dozens (if not hundreds) of programs and networking solutions being used inside of a business that their IT department or provider is unaware of or does not support.

A brief scan of Shadow IT web resources, including studies sponsored by and McAfee, reveals that:


  • More than 80% of survey respondents admit to using non-approved software and services in their jobs. More than two thirds admit to emailing documents home to work on them, even when they aren’t sure it’s allowed.
  • Desktop productivity tools, social media, and file sharing are among the most popular “shadow” apps, but unauthorized IT includes things like instant messaging, USB thumb drives and personal media devices as well.
  • File sharing accounts for about 39% of corporate data uploaded to the web. In 2013, the average company was using 20 file sharing services - 35% of those unauthorized. By 2015, that number had more than doubled to an average of 49 file-sharing services.
  • The average employee thinks they are using 3 web services…when they are really using closer to 28.

The risks involved in shadow IT are myriad.  The most obvious is that unauthorized software is a potential entry point for malware. There is increased risk for data loss and corruption when the IT department doesn’t know that the data and programs exist, and the software itself can cause local system issues and network resource issues.

The business risks are even greater. Confidential information stored in uncontrolled, unmanaged systems and services is at risk of data loss or disclosure that can be incredibly damaging to the business and reputation.  It may violate accepted business practices and professional responsibility standards in some industries, and in many cases violates regulatory standards for information and records management that can run into hundreds of thousands of dollars of fines and mitigation costs.

Even if the information is safely stored, an uncoordinated collection of tools can cause loss and degradation of company information by creating information “silos” where only certain people have or understand the programs, or where data is distributed and lost. For instance, multiple spreadsheets and databases can cause parts of the data to exist in various forms and locations, and not be updated consistently. And, as users become more reliant on outside tools, the core company processes and information sources may get neglected and become unreliable and inaccurate.


Most employees do not maliciously or rebelliously step outside of business IT policies and put information at risk. They do it to get their jobs done. They are trying to increase their efficiency and work capacity, bypass the systems that don’t meet their work needs, or address needs that the company or IT department has not yet identified or resolved.

So what do you do about it?

  1. ASSESS the situation.  Find out what programs and services are actually being used in your company, who is using them, and why.  Talk to your employees, run system software inventories, and look at accounting records for purchase and subscription reimbursements.
  2. EVALUATE the risk. Identify an acceptable standard of security for your information and determine whether those services meet your company’s needs.
  3. ANALYZE the needs that led to adoption of outside software. Honestly evaluate the usability, cost and feature set compared to your in-house resources to determine whether your employees’ “do-it-yourself” IT has actually uncovered a better tool.
  4. EDUCATE users about the risks and potential consequences of unauthorized IT, what your company policies allow, and how to initiate consideration of a needed tool.

As tempting as it may be to take an “iron fist” approach to banning outside technology, you’d be better served to partner with your employees to determine what their productivity needs are and look at what can be done to address them.  Use this opportunity to innovate and create value for your employees and your business.

Simple solutions like allowing BYOD (bring your own device) can save time and money, and increase employee satisfaction and efficiency, while saving your company the cost of purchasing and maintaining phones. A well-managed BYOD security scheme will go a long way towards monitoring and keeping your data safe.

The Application Services Group at River Run Computers are experts at work-flow and process analysis, change management and user education. We are happy to work with you to assess the extent of Shadow IT in your firm, and make recommendations to help you with your employee productivity needs.

Want to learn more? Our team is ready to help you! Give us a call or visit our Contact Us page to submit your information. 

Topics: Security, Shadow IT
