Digital Security

Shadow IT: What is it and why is it a problem?


Shadow IT is just that — workplace applications that are not seen and not approved by IT operations or company leadership.

The growth of cloud-based software, along with the continued outsourcing of enterprise data services, has led to an explosion of shadow IT problems for large enterprises. According to a 2014 survey conducted by PMG, 53% of IT professionals now report that all departments within their organization rely heavily on some form of unauthorized technology[1].

According to Gigacom Research, 81% of line-of-business employees admitted to using unauthorized SaaS applications[2]. For critical tasks, such as file storage and transfer, this is a huge problem.

Now, while Shadow IT sounds very malicious, it is usually deployed innocently. Most of the time, it is born within an organization simply because employees are trying to be productive. For example, have you ever worked at an organization where you used a foreign cloud storage or work collaboration platform to share and send files to another colleague? I must admit, I have. It’s just so easy to use the consumer-oriented cloud file transfer platforms when we’re in a time crunch. Plus, we’re so used to them in our daily lives that reaching for them is second nature.

However, as we are increasingly discovering each day, shadow IT programs like these are far from secure. Using the common cloud drive for business purposes could jeopardize confidential consumer or internal data, even if you’re keeping confidential data separate.

Furthermore, it could compromise your job. IT professionals are frantically looking to overcome this obstacle by proposing innovative and easy-to-use enterprise solutions to mitigate the risks of Shadow IT hurting company productivity – or worse. Before you unknowingly or apathetically become a proponent of shadow IT, know the threats.


Hosting and moving files using an open consumer file sharing platform, for example, can lead to serious security risks. When employees and departments start ‘piecemealing’ together enterprise software solutions that are not approved by IT, sensitive client and internal data can be made susceptible to breach.

For example, copying and manipulating internal pricing data on a private laptop and sharing your work with another colleague through a file on an unsecured cloud drive may be convenient, but it creates blind spots for your company’s firewall. The risk of intrusion increases exponentially with the practice and use of Shadow IT, no matter the intention of the initial investment.

Hidden Costs

While investing in an unapproved and ungoverned software program may seem like a step toward efficiency when trying to complete a specific project or send a large file, it often has hidden costs. Large organizations often end up having numerous user licenses to a certain Shadow IT platform that should otherwise be purchased under a single, IT-controlled corporate license.

Investing in a license for a new off-the-shelf enterprise file sharing solution that is not approved by IT will ensure that mass adoption and use of this platform will not occur, severely limiting the ROI. By side-stepping IT governance, organizations waste an incalculable amount of money in lost time, duplicate license costs, and lack of overall scalability.

An Inefficient Workspace

In my own experience, I have seen technology leaders fumbling over their own operational working model due to investments in shadow IT throughout the organization. Employees in Europe decided to purchase a file-sharing license that differed from what was used in North America, and offices in Asia had made their own autonomous decision as well. Before IT knew it, we had three different file sharing and workspace platforms. When updates were made to key pieces of content, only a portion of the company was informed.

If someone left the company, access to key areas and materials was lost. Outside of being a complete waste of money and a security risk, it was horrible for coordination and integration. While being a global enterprise certainly demands a degree of agile thinking and regional autonomy, be careful to make coordinated decisions when taking file sharing and workspace platforms virtual. Doing so will allow central IT to control quality and manage costs, leaving you to focus on collaboration.


[1] Survey, PMG
[2] Gigacom Research – Nov 2014