A Quick Guide To Shadow IT For Your Business


If your organisation is using productivity tools, then you need to make sure robust enterprise security is in place too. As cloud-based communication and productivity applications proliferate, start-ups, entrepreneurs and small businesses, in particular, are co-opting SaaS tools as efficiency enhancers. Known as “shadow IT”, these ungoverned and unapproved solutions can be leveraged to provide a competitive edge if fortified with the right security protocols. Here is a quick guide to Shadow IT for your business:


With agile being the buzzword across enterprises, there is a new challenge for leadership: is it important to encourage employee productivity or to protect the company from security threats?

The Entrust Datacard Shadow IT Report 2019, “The Upside of Shadow IT: Productivity Meets Security” reveals just that. As the number of workplace technologies grows, security that preserves innovation and collaboration while protecting data, managing identities and securing systems is needed to ensure employees work more productively using preferred and approved tools, it says.

Of the 1000 IT professionals surveyed:

  • 97 percent agree that employees in their organisations are more productive
  • 96 percent agree they are more engaged and
  • 93 percent agree they are more loyal to the company long-term

 …when they’re allowed to use their preferred technologies at work.

77 percent believe their organisations could achieve an edge over competitors if company leaders were more collaborative about finding solutions to Shadow IT needs from both IT and non-IT employees.


What Exactly is Shadow IT?

Shadow IT is known by different names: grey, stealth, phantom rogue, citizen development (software built on low-code platforms) and so on. It refers to applications, devices, and services that were initially used by employees covertly but are now used to let businesses meet customer needs, respond to competitive pressure, and enable employee productivity.

Think of:

  • Note-taking app Evernote or file sharing app, Dropbox
  • Productivity apps like Trello, Asana, Slack
  • Communication apps like Skype
  • Messaging apps like Snapchat, WhatsApp

The consumerisation of IT has expanded the meaning of shadow IT to include personal technology at work (PCs, laptops, smartphones, tablets); the commoditization of basic managed services has seen the cloud host Infrastructure as a Service (IaaS) and Platform as a Service (PaaS), both perceived as shadow IT.

Even self-developed Access databases and Excel spreadsheets and macros are viewed as shadow IT. Cloud-based connected applications accessed through open authorisation (OAuth tokens from Microsoft Office 365 or Google G Suite) are also examples of shadow IT.

In short, any solution that is outside the purview of protected systems, networks, security domains or physical locations or outside the reach of the IT department is dubbed shadow IT.

Is Shadow IT a Bad Thing?

While employees and departments that seek out solutions that help them keep pace with the speed of business cannot be blamed, any activity that shares files and data without the knowledge of the IT department risks data leakage and network vulnerability.

Malware, credential spills, hacks - the dangers of shadow IT were predicted by Gartner as far back as 2016: by 2020, a third of successful attacks experienced by enterprises will be on their shadow IT resources.

However, the same report also advised with great foresight: “Companies should find a way to track shadow IT, and create a culture of acceptance and protection versus detection and punishment.”

True enough, almost half the respondents (42 percent) in the Entrust Datacard study say that a clearer policy describing how employees can request technologies would help them introduce new tools in a “more IT compliant” way.


How can this be addressed?

Employees should be empowered to choose from a pre-sanctioned library of approved apps in the company’s internal app store. Needless to add, the applications should be protected with corporate authentication methods to eliminate the risk associated with using passwords across various public cloud apps.

For new apps, the IT department should be equipped with modern authentication platforms that can use protocols such as Security Assertion Markup Language (SAML) and OpenID to quickly connect the corporate authentication service.

Cloud Access Security Brokers (CASBs), which link an organization’s on-premises infrastructure and a cloud provider’s infrastructure and introduce firewalls and authentication, further boost security.

The use of web proxy logs, network-aware monitoring tools and data loss prevention tools, together with regular vendor communication and application maintenance, can also rein in reckless use of shadow IT.
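As an added example (not part of the original article), this is one way web proxy logs can be used to discover shadow IT: the Python below parses constructed proxy log lines, matches destination hosts against an assumed catalogue of SaaS domains, and reports usage of apps that are not on an assumed approved list. The log format, the catalogue, the approved list and the function names are all assumptions made for illustration.

```python
from collections import defaultdict

# Assumed catalogue of SaaS domains -> app name, and an assumed approved list.
SAAS_CATALOGUE = {"dropbox.com": "Dropbox", "evernote.com": "Evernote",
                  "trello.com": "Trello", "slack.com": "Slack"}
APPROVED_APPS = {"Slack"}

# Constructed sample: timestamp user method host:port bytes_out bytes_in status
SAMPLE_LOG = """\
2019-12-02T09:14:07Z alice CONNECT www.dropbox.com:443 5242880 2048 200
2019-12-02T09:15:41Z bob CONNECT app.slack.com:443 1200 56000 200
2019-12-02T09:17:02Z alice CONNECT dl.dropbox.com:443 1048576 900 200
2019-12-02T09:20:13Z carol CONNECT trello.com:443 4096 81000 200
2019-12-02T09:21:55Z dave CONNECT notdropbox.com:443 700 300 200
2019-12-02T09:22:10Z erin CONNECT www.evernote.com:443 9000 400 403
this line is malformed and must be skipped
"""

def match_app(host):
    """Return the app whose domain equals host or is a parent domain of it."""
    labels = host.lower().split(":")[0].rstrip(".").split(".")
    # Compare whole labels so "notdropbox.com" never matches "dropbox.com".
    for i in range(len(labels) - 1):
        app = SAAS_CATALOGUE.get(".".join(labels[i:]))
        if app:
            return app
    return None

def find_shadow_it(log_text):
    """Summarise traffic to catalogued apps that are not on the approved list."""
    stats = defaultdict(lambda: {"users": set(), "requests": 0, "bytes_out": 0})
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 7 or not fields[4].isdigit():
            continue  # skip malformed lines instead of failing the whole run
        _ts, user, _method, host, bytes_out, _bytes_in, status = fields
        app = match_app(host)
        # Ignore unknown sites, approved apps, and requests the proxy denied (403).
        if app is None or app in APPROVED_APPS or status == "403":
            continue
        stats[app]["users"].add(user)
        stats[app]["requests"] += 1
        stats[app]["bytes_out"] += int(bytes_out)
    # Largest upload volume first: the biggest data-leakage exposure.
    return sorted(((app, sorted(s["users"]), s["requests"], s["bytes_out"])
                   for app, s in stats.items()), key=lambda r: -r[3])

if __name__ == "__main__":
    for app, users, requests, uploaded in find_shadow_it(SAMPLE_LOG):
        print(f"{app}: users={users} requests={requests} uploaded={uploaded} bytes")
```

Ranking by uploaded bytes puts the apps carrying the most company data at the top of the list, which is where a conversation with the users about an approved alternative is most useful.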

Role of Business Leadership

However, it would be wrong to leave the entire burden of de-risking shadow IT on the shoulders of the IT department. An involved and open-minded C-suite will help to communicate the risks and rewards of shadow IT down the line.

With a majority of workers believing that their companies need to be more agile while deploying technologies suggested by employees, let us see how an agile leader would respond to the discovery/use/need for shadow IT in the organisation.

Track Usage, Assess Productivity, Respond Swiftly

For this, an agile leader will create strong communication channels to encourage users to report potential use, discuss benefits and even escalate issues to preserve enterprise security.

Demonstrate Oneness with Employees

If there are security risks, an agile leader will immediately provide feedback and take the necessary steps to mitigate risks. For instance, recently there was a furore when Microsoft announced that Power Platform users (on Office 365) could independently (bypassing IT admins) purchase their own licenses for PowerBI, PowerApps, and Flow, covering business intelligence queries and visualization, low-code application development and business process automation. After strong protests, it has now relented and granted admins veto rights on a per-product basis.

Listen Deeply, Unlearn Quickly, To Gain Insight

While learning continuously is the oft-quoted quality of an agile mindset, it is equally important to let go of what is not working; keeping tabs on emerging technologies and solutions that will scale with the organization is a must.

Embrace Change, Drive Value

The workplace may be changing, but values cannot be compromised. An agile leader may usher in the Bring Your Own Device (BYOD) practice or approve cloud services, but not before assessing and impressing upon the employees the value it brings.

  • user polls
  • data classification
  • data ownership
  • data encryption
  • backup and recovery
  • compliance and certification
  • training sessions

 …not to mention clear guidelines, will precede change when an agile leader is at the helm.

Inspire Creativity, Help Innovation

Fostering an agile culture does not mean following project management principles. An agile leader will stress the importance of speed for business success. Aspiring to achieve business goals, with automation and productivity tools, including “secure” shadow IT, prompts creativity and commitment among employees.

Thus, shadow IT is an opportunity for innovation and a cost management technique that can help address specific pain points through quick to build and easy to deploy IT solutions on low code platforms, with participation from both IT and non-IT employees.

Friday, 06 December 2019