The Risks and Benefits of Shadow IT

Shadow IT is the term used for Personally Identifiable Technology (BYOD), applications and software or services that are backed by a third party rather than an organization’s IT vendor or technology department.

In recent years, social, mobile, analytics and cloud technologies (SMAC) have been key drivers of innovation (and disruption). Mobile and cloud services have given end users the ability to access data and perform their work tasks from almost anywhere. As a result, enterprise applications have shifted from corporate firewall security to public software-as-a-service (SaaS) solutions for everything from accounting to human resource management.

These technology trends have also led to a “consumerization” of IT, where end users expect a fast, easy-to-use, mobile first experience. These expectations can lead to frustration with outdated technology that may not work as well for employees on the go.

End users prefer the simplest solution. Why look for a work-related device when your phone or tablet is on the desk? Thanks to Apple’s App Store and Google’s Play Store, employees have access to literally thousands of applications that they can quickly install and use to get their jobs done, all outside of the network perimeter. Why is this a problem?


There are several problems with shadow IT. Users who choose their own applications can open companies to security problems, prevent them from complying with legal regulations and negatively affect other users in their company without meaning to. Here are some of the ways Shadow IT can impact your business:

security – Unsupported hardware and software are not subject to the same security measures as supported technologies. Without the ability to monitor and control application usage, software and apps that contain business data and integrate with existing business applications are at risk of cyberattacks and malware infections. This leads to wasted time, lost productivity, lost revenue, and lost reputation.

BACA JUGA:  Importance of payroll and its services to small businesses

attention – The governance and compliance risks of shadow IT are extremely serious as sensitive data can be easily uploaded or shared. There are no processes to ensure data confidentiality or access policies when an employee stores company data in their personal DropBox or EverNote account. Violations resulting from non-compliance with compliance policies can result in significant fines.

workflows and processes – Technologies that work without the knowledge of an IT department can negatively impact the user experience of other employees by consuming bandwidth and creating situations where network or software application protocols conflict. Additionally, IT support teams may not be willing to find answers or solutions when end users have problems with unsupported tools. This slows down employees and puts an additional strain on IT.


For all the risks that Shadow IT brings, it also holds the potential for rewards. New applications can revolutionize processes and enable employees to work smarter and more efficiently. This requires a careful balance between management and flexibility.

Most end users do not equate extreme consequences to the use of certain applications or devices. IT has to be flexible and communicate well here. Rather than telling end users they can only use one system for work, be clear about what type of data can be manipulated in unsupported applications and what data should remain safe on your supported network. Be sure to identify acceptable uses in your Acceptable Use Policy.

It’s time to break out of the shadow IT denial phase, and communication is key. Educating end users and providing clear, concise information usage policies can help you develop enforceable boundaries. Take the time to understand employee processes and needs. Research and use solutions that meet these current and future needs. Combined with a solid cloud and SaaS application strategy, this can push your end users and data back.