Skip to content

The IT Leader’s Guide to Managing Shadow IT


November 29, 2022

5 minute read


Shadow IT has been a concern for companies ever since employees started using internet connections, but it’s become especially pressing over the past several years. Simply put, shadow IT is any hardware or software that hasn’t been approved by your central IT department. But despite its menacing name, shadow IT usually doesn’t enter the company infrastructure for sinister reasons.

When faced with tight deadlines and key responsibilities, employees may engage with technology that helps them work more efficiently. Maybe they’re organizing client data or editing a piece of content. They might not even be aware the app they’ve just downloaded is unapproved. But how do you know that unsanctioned app doesn’t expose the company to security risks? By the very definition of shadow IT, you don’t.

Factor in the multitude of staffers working remotely since the COVID pandemic, and you can see why shadow IT has surged. Remote employees generally want to remain productive, but working outside headquarters, they’re more likely to bypass getting the IT department’s approval when using some unsanctioned app. There’s a good chance they’re unaware of the risks involved. But they could be using that unsanctioned app for file sharing purposes over Wi-Fi at a coffee shop or an airport lounge, leaving company data vulnerable to bad actors.

Fortunately, there are ways to reduce shadow IT usage and optimize user experience for your employees. BetterCloud is here to guide you through this rapidly evolving technology struggle.

What is shadow IT?

Shadow IT is any unapproved information technology that hasn’t been initiated by the IT department. Shadow IT occurs in various forms; of them all, apps are the most significant starting point.

The increase in shadow IT dovetails with the rise of SaaS (software-as-a-service) in the workplace: cloud-based apps like Slack, Mailchimp, and Zoom—to name a few commonly IT-approved examples.

According to recent BetterCloud research, the number of SaaS apps active on corporate networks averaged three times the amount IT departments were aware of. As new workflow demands present themselves, new, hyper-specific SaaS apps emerge. And employees start using them.

Additionally, shadow IT includes blind spots like:

  • Unsanctioned accounts started by employees. For example, let’s say one of your employees needs to file expenses from a business trip, but has lost the login info for the account assigned to them via corporate. They hurriedly file expenses with a new, unapproved account they’ve created on the spot. This could cause headaches for the expense department, or even expose company credit cards.
  • Work on personal devices done without following company protocol.
  • Customized IT integrations that don’t follow company guidelines. Employees may take it upon themselves to reconfigure approved software and apply it in ways IT isn’t prepared for, perhaps to share files with a collaborator.

As threatening as this all sounds, shadow IT can offer unique opportunities for your company to innovate against your competition. We’ll explore the benefits of shadow IT in a bit, but first, let’s delve into the hazards.

The risks shadow IT introduces

A good IT department protects your company from security risks. Shadow IT exists outside the IT infrastructure. An IT department can’t fight what it doesn’t know exists.

This lack of visibility opens up the whole company to risk, including the secured parts. For example, a worker could create an account with an unsanctioned app, and then—making matters even worse—grant it access to sanctioned company apps like Dropbox and Google Docs. When this happens, even the data from the sanctioned apps is exposed to bad actors.

This is where the risks of OAuth really come into play. OAuth is open-standard authorization—aka, those speedy app sign-up procedures that “only” require passing along some personal information, like your Google or Facebook credentials. Let’s say an employee is in a rush to organize a set of client data, and signs up for a rogue app using their company email. Whatever that info was—home addresses, credit card numbers, etc.—is now vulnerable, along with swaths of other company data if a hacker was to get inside. Since that rogue app can’t be seen by IT, IT cannot track or disable it. Even if that employee is offboarded, the rogue app will remain within your network.

Shadow IT presents additional concerns for companies that need to adhere to data compliance regulations. If employees have been using unapproved IT to handle sensitive data, the company could risk fines and penalties.

The benefits of shadow IT

Pretty scary, huh? Well here’s the part where we let you in on a secret: shadow IT can actually give you a leg up on your competition.

When an employee seeks out information technology that isn’t already provided by the IT department, they’re sending you a message: I’d like to do my job more efficiently, and I’ve found a resource you didn’t give me which lets me do that. The vast majority of workers aren’t engaging with shadow IT for nefarious reasons; in fact, most of them are probably oblivious to the risks at hand. And without knowing it, they could be tipping off IT to something valuable that’s missing from the infrastructure.

A good IT department maintains a healthy dialogue with company employees; in this shadow IT scenario, that relationship is paramount. If employees feel kept in the loop with IT through instructional meetings about best practices, calls for feedback, and friendly, regular conversation, then shadow IT is much more likely to be turned into an asset. Maybe it’s an app, new to the marketplace, that performs a very specific task relevant to your workflow that one intrepid staffer has uncovered. Maybe a developer has found a way to expedite their workload when building outside the company’s internal channels.

Of course, a lot of shadow IT won’t be useful to your company at all. Some might present a bit of utility, but be far too risky to consider implementing. In order to sort this all out, you need to know what’s going on beneath the hood of your environment.

Using a SaaS management platform like BetterCloud, you can discover what apps are being used, and then optimize as best suited for your company.

Tips for managing shadow IT with BetterCloud

BetterCloud’s Discover grid view allows users to see what apps are living in their environment, as well as who is using them and what kind of access they have. This includes shadow IT! When deciding which, if any, shadow apps you’d like to integrate into the company, BetterCloud lets you see who’s using that app, what credentials they have, and other crucial details.

Remember all those scary statistics about shadow IT popping into your network undetected? BetterCloud creates alerts to notify IT whenever a new, unsanctioned app is discovered, allowing for real-time security measures. Using the Discover module, BetterCloud has helped customers uncover over 40,000 different types of SaaS applications with access to their environments.

BetterCloud also has your back in the struggle against OAuth, and the otherwise well-meaning employees who hand over credentials to unknown apps. Whenever a staffer uses company credentials to login to a suspect, third-party app, an alert is triggered, notifying IT. This alert kicks off an automated workflow, which logs the employee out of the app, and sends them an email getting them up to speed on the risk of using unsanctioned apps.

Fostering lines of communication is key for flipping shadow IT from a weakness to an asset. Well-meaning employees who engage with unsanctioned technology should not be made to feel intimidated by the IT department; they could wind up being the source of your next breakthrough! Using BetterCloud, your company can safely leverage new technology to innovate, stay competitive, and provide a great employee experience.

To learn more about how an SMP can secure shadow IT within your company and more, schedule a demo today.