Skip navigation
security_laptop.jpg Getty Images

What Happened to Shadow IT Risks?

The pandemic caused shadow IT risks to fall off the radar, but the tug of war between IT departments and users remains an issue. Here’s how to protect users and organizations.

Prior to the start of the COVID-19 pandemic in 2020, IT pros commonly struggled to manage shadow IT within their organizations. While shadow IT doesn’t receive as much attention today, it continues to pose risks.

For those who are not familiar with the term shadow IT, it refers to the deployment of technology within an organization without the IT department's oversight. Traditionally, IT departments had total control over an organization’s computing resources. However, as users grew more knowledgeable about technology and technology became more readily accessible, the IT department lost some of that control. If users didn't like the IT department’s rules, they could often find workarounds. For example, users could sign up for a cloud service that the IT department would have otherwise prohibited, and the IT staff would have no idea about it. So, shadow IT essentially refers to users going behind the IT department’s back and doing things their own way.

Interestingly, shadow IT risks have not been a big topic of conversation over the past couple of years. In some ways, it is completely understandable.

Ever since the pandemic started, many users have worked from home on their personal computing devices. This type of remote work has sometimes been discussed as an extension of the old bring-your-own-device (BYOD) trend. It’s different than BYOD, however, because users are supplying their own devices, their own connectivity, and oftentimes even their own applications.

These days, enterprise IT seems preoccupied with keeping datacenter and cloud workloads secure and ensuring that the VPN stays up. Nobody really cares what type of device a user is working from, so long as the organization can protect its infrastructure and data.

Shadow IT Today

Since so many of the resources that workers use every day fall outside of an IT department’s control, is shadow IT is no longer an issue today? Perhaps it isn’t. Remember, shadow IT refers to the act of intentionally circumventing restrictions that an IT department has instituted. It is not tied to any specific technology.

According to November 2021 research by Venn, a provider of virtual desktop alternative technology, 71% of U.S. users have intentionally circumvented IT policies in an effort to be more productive or get their work done more efficiently. While the research looked at users in the U.S., I can’t imagine that the findings would be much different internationally.

Most users are under tremendous pressure and strict deadlines to get their jobs done. They view IT policy as a bureaucratic roadblock that serves no other purpose than to keep them from doing their work proficiently. It’s no wonder that so many users try to circumvent IT policies. I wouldn’t be surprised if the percentage of users who bend the rules for productivity’s sake is in fact higher than what the Venn research indicates.

How to Combat Shadow IT Risks

Of course, this research raises questions about what IT pros should do about shadow IT.

My first bit of advice is to give users as much freedom as possible. Sure, the IT team needs to keep everything secure and compliant with regulatory requirements. However, try to avoid introducing any restrictions that make users’ work more difficult than necessary.

IT pros can also worry less about detecting shadow IT and worry more about accommodating users’ needs. If workers use a particular cloud platform without IT’s consent, try to find out why. There may be a way to allow users to keep working from that app without putting the organization or its data at risk. If for some reason the app cannot be secured, then maybe the IT department can offer an alternative app that has similar functionality yet meets security requirements.

Ultimately, shadow IT is a very difficult battle for IT to win. The Venn research that I cited above would seem to suggest that most organizations have a shadow IT problem, even if they don’t realize it. Somewhat ironically, tightening the reigns only seems to make users more inclined to resort to shadow IT practices.

The key to reducing shadow IT risks is twofold: Minimize IT bureaucracy and collaborate with users so they can access the tools that will make their jobs easier.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.