What is Shadow IT & How Can I Stop It From Being a Risk?

Is your business at risk of Shadow IT? When you’re planning technology infrastructure, the cloud applications your team uses are a big part of that. You want to ensure they make sense for your needs and all work together in an integrated fashion. Another big concern is your application security and protecting your accounts and data in cloud services from being lost or compromised.


It’s challenging enough to do that with the applications you know about, but what about the ones your employees are using for work without your knowledge? When employees use applications that haven’t been approved by your company and without the knowledge of your IT department or service provider, it’s called “Shadow IT”.


Shadow IT is the part of your tech infrastructure being used “in the shadows,” and because you don’t know about it, you can’t secure it.


While shadow IT was a big problem even before the pandemic, the need to have everyone work from home, many on their own personal devices, has made the problem even worse.


Here are a few alarming statistics about Shadow IT from McAfee:

  • Shadow IT use is approximately 10X the size of known/approved cloud IT use
  • 80% of employees admit to using cloud applications at work without getting IT approval
  • As much as 40% of IT spending occurs outside IT department view

Why is Shadow IT Such a Risk?

  • You don’t know where business data is being stored
  • Cloud apps being used by employees could lack proper security
  • If the employee leaves, no one else may have the account login
  • Shadow IT isn’t integrated with your other cloud apps/processes
  • You can’t back up or protect what you don’t know about

How to Control Shadow IT at Your Brisbane Business

In order to put systems in place that control shadow IT, you have to understand why it’s being used in the first place. 


If you just tell employees to stop using cloud apps without approval, they’ll most likely stop for a short period of time and then fall back into their old habits if the underlying reasons they used them in the first place aren’t addressed.


Employees don’t usually use cloud apps for bad reasons; often, they’re just trying to do their job. Here are some of the reasons shadow IT is adopted:

  • There is no available approved app to do a specific task
  • An approved app is difficult to use or lacks functionality
  • No one told them they can’t use cloud apps for work without approval
  • A free trial has run out on an approved app, so they find something else to use
  • They asked if they could use an app, but never heard back, so they just started using it anyhow

Here are some steps to take to eliminate the risk of shadow IT in your business, while also addressing the reasons that cause it to be used.

Find Uses of Shadow IT

You first need to know what you’re dealing with when it comes to how many cloud applications are being used at your company that aren’t officially part of your IT structure.


It’s smart to take two different approaches so that you find all uses of shadow IT and also invite your users to contribute their opinions on all your cloud applications.

  • Take a User Survey: Explain to employees that you’re optimising your cloud use. Ask them to list every app (approved or non-approved) they use in their work. Have them include a rating from 1 to 5 for how helpful it is and provide feedback.
  • Use a CASB to Detect Shadow IT: A cloud access security broker (CASB) is an application designed to secure all your cloud applications. It can detect the use of shadow IT as well as evaluate cloud apps for risk and compliance. 
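The two discovery approaches above can be cross-checked against each other. The following is an added example, not code from the original article or from any CASB product: it reconciles a constructed web-proxy log with constructed survey answers against a hypothetical approved-app list, so all domains, user names and the log layout are assumptions.

```python
import csv
import io
from collections import defaultdict

# All data below is constructed for illustration (hypothetical domains and users).
APPROVED = {"office.example", "crm.example"}          # sanctioned app domains
PROXY_LOG = """\
2024-03-04T09:01:12,alice,files.office.example
2024-03-04T09:03:40,bob,app.notes.example
2024-03-04T09:07:02,carol,app.notes.example
2024-03-04T09:09:55,carol,share.transfer.example
2024-03-04T09:12:31,dave,crm.example
"""                                                    # timestamp,user,host
SURVEY = """\
alice,office.example,4
bob,notes.example,5
dave,crm.example,2
"""                                                    # user,app domain,rating 1-5

def base_domain(host):
    # Simplification: keep the last two labels. Real tooling should use the
    # Public Suffix List so that names like "example.com.au" are handled.
    return ".".join(host.strip().lower().rstrip(".").split(".")[-2:])

def observed_usage(log_text):
    """Map each base domain seen in the proxy log to the set of users."""
    seen = defaultdict(set)
    for row in csv.reader(io.StringIO(log_text)):
        if row:
            seen[base_domain(row[2])].add(row[1])
    return seen

def survey_usage(survey_text):
    """Map each surveyed app domain to {user: rating}."""
    reported = defaultdict(dict)
    for row in csv.reader(io.StringIO(survey_text)):
        if row:
            reported[base_domain(row[1])][row[0]] = int(row[2])
    return reported

def shadow_it_report(approved=APPROVED, log=PROXY_LOG, survey=SURVEY):
    """List unapproved apps, who uses them, and who did not report them."""
    observed, reported = observed_usage(log), survey_usage(survey)
    rows = []
    for domain in (set(observed) | set(reported)) - approved:
        users, ratings = observed.get(domain, set()), reported.get(domain, {})
        rows.append({"domain": domain, "observed_users": sorted(users),
                     "unreported_users": sorted(users - set(ratings)),
                     "avg_rating": sum(ratings.values()) / len(ratings) if ratings else None})
    return sorted(rows, key=lambda r: (-len(r["observed_users"]), r["domain"]))
```

Apps with users in `unreported_users` were seen in traffic but not mentioned in the survey, which makes them the first candidates for the evaluation step.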

Evaluate Both Approved and Shadow IT 

User input on your cloud infrastructure is invaluable because it gives you insight into what’s working and what’s not. You could be paying for an expensive SaaS (Software as a Service) subscription that you think is invaluable, only to find out that users hate it and find it difficult to work with.


Evaluate your user input on both your approved applications and shadow IT. Have shadow IT reviewed by your IT team or outside IT provider for security, compliance, and ability to integrate with your processes and other apps.


Make changes where needed in your cloud subscriptions and officially approve any shadow IT you’re planning to adopt.

Decommission Non-Adopted IT

For any shadow IT that you’ve decided not to adopt, have the employee using it close their account and ensure data has been migrated to an approved app. You don’t want business data out there that could be compromised later in a breach of a cloud service you don’t even know about.

Set Up a Shadow IT Use & Approval Policy

Two of the biggest reasons that employees use shadow IT are: 1) They don’t know they can’t; and 2) They need to in order to get their work done.


Address both these reasons by setting up a shadow IT and cloud app approval policy.


Make sure employees know why it’s not okay to use shadow IT and how it can put the company at risk. Also give them a way to submit applications for approval that they’d like to use.

Ensure requests are handled in a timely manner so employees don’t get frustrated and just start using an app anyhow. Clear communication on cybersecurity and the importance of a cohesive cloud environment are key to successfully controlling shadow IT.

How Cohesive Is Your Cloud Infrastructure?

Do you have shadow IT being used that you don’t know about? Are you struggling with a cohesive cloud strategy? Connected Platforms can help with smart and secure cloud business solutions.


Want to learn more about shadow IT and implement an effective shadow IT policy in your workplace? Contact our managed IT services team today for a free consultation. Call (07) 3062 6932 or book a coffee meeting online.
