Shadow IT — Enterprise IT’s love/hate relationship

You’ve probably seen ‘it’. You’ve probably been a part of ‘it’. The bigger your business gets, the bigger the shadow. It’s ‘shadow IT’… 🦇

Shadow IT is the use of IT-related hardware or software by a department or individual without the knowledge of the IT or security group within the organization. It can encompass cloud services, software, and hardware — CISCO

Shadow IT can be seen either as highly disruptive to a business or as a massive opportunity for the business to sky-rocket its capabilities, reduce costs, or even make the lives of its employees easier. In this article, we’re going to talk about why shadow IT can be disruptive, why it occurs, and how to make the most of it when you see it!

Why Shadow IT can “hurt” your business

Imagine you let your friend borrow your car, and the next time you drive it, it is suddenly dangerously fast because your friend gave your engine a secret ‘upgrade’. There are a few things you might be thinking:

  1. How much is the upgrade going to cost me? Does it consume more fuel?
  2. Is this upgrade even legal?
  3. Will this vehicle be controllable?

These are much like the questions an IT team may ask when new software or infrastructure is adopted without its authorization. Adopting non-compliant technology can lead to issues such as:

  1. Wasted technology spending
  2. Legal ramifications due to breaches of IT governance requirements
  3. Loss of productivity due to overlapping system capabilities
  4. Security vulnerabilities

But why does Shadow IT happen?

Like weeds growing on a lawn, Shadow IT grows slowly and unnoticed until it becomes almost unmanageable. Shadow IT often occurs when compliant technology does not meet the functional requirements of staff. For example, suppose Microsoft Teams is limited to intra-company communication. A staff member who needs to communicate with multiple third-party organisations might decide to set up a Slack account for Slack’s multi-workspace capabilities.

So how is Shadow IT managed? And how can you make the most of it?

The great thing about Shadow IT is that when it becomes an issue, it often means there is a high level of adoption of the technology in the business, and incorporating it into your business-compliant technology stack could help realize multiple benefits such as:

  1. Reduced costs when consolidated under an enterprise contract
  2. Reduced security risks and attack surfaces
  3. Compliance with IT governance requirements

In order to achieve these benefits without the negatives associated with Shadow IT, the following steps should be followed:

Shadow IT Management Process —
  1. Discover and Identify — The first step is to improve your business's ability to detect non-compliant technology. This can be done by implementing monitoring tools such as ManageEngine.
  2. Evaluate and Analyse — At this point, you or your IT team can begin to identify the compliance risks and benefits of the technology. During this phase, if a technology is identified that cannot hold up to your business's compliance requirements, usage of this technology can be banned/blocked. On the other hand, if the technology could be compliant, it might be beneficial to adopt it.
  3. Manage and Continuous Monitoring — Managing the technology could mean adopting the technology into your list of compliant technologies. This could include adopting enterprise-level contracts to reduce costs, enabling integrations with the compliant systems to improve interoperability, virtualising the technology to increase security, and adding single-sign-on to improve productivity.
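
As a small illustration of the Discover and Evaluate steps, the following Python sketch (an added example, not code from the original article or from any monitoring product) scans web-proxy log lines for traffic to services outside a sanctioned list and ranks them by how many distinct staff use them. The log format, the allow-list, the sample records and the `min_users` threshold are all assumptions made for the example.

```python
from collections import defaultdict

# Assumed allow-list of sanctioned services (hypothetical policy data).
SANCTIONED = {"teams.microsoft.com", "sharepoint.com"}

# Constructed sample: "timestamp user destination-host bytes" per line.
SAMPLE_LOG = """\
2024-05-01T09:00:01Z alice teams.microsoft.com 5120
2024-05-01T09:02:13Z bob app.slack.com 20480
2024-05-01T09:03:40Z carol app.slack.com 10240
2024-05-01T09:05:02Z dave files.slack.com 4096
2024-05-01T09:06:17Z bob app.slack.com 2048
2024-05-01T09:07:55Z erin notsharepoint.com 900
2024-05-01T09:08:30Z alice contoso.sharepoint.com 7000
malformed line here
"""

def is_sanctioned(host, sanctioned=SANCTIONED):
    """True if host is a sanctioned domain or a subdomain of one."""
    host = host.lower().rstrip(".")
    # Require a dot boundary so "notsharepoint.com" does not match.
    return any(host == d or host.endswith("." + d) for d in sanctioned)

def service_of(host):
    """Naive grouping key: last two labels (wrong for suffixes like co.uk)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def discover(log_text, sanctioned=SANCTIONED):
    """Return [(service, distinct_users, total_bytes)] for unsanctioned traffic."""
    users, volume = defaultdict(set), defaultdict(int)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[3].isdigit():
            continue  # skip malformed records instead of crashing
        _, user, host, nbytes = parts
        if is_sanctioned(host, sanctioned):
            continue
        svc = service_of(host)
        users[svc].add(user)
        volume[svc] += int(nbytes)
    report = [(s, len(users[s]), volume[s]) for s in users]
    # Most widely adopted first: these are the candidates for step 2.
    return sorted(report, key=lambda r: (-r[1], -r[2], r[0]))

def triage(report, min_users=3):
    """Label each service: widely used ones go to evaluation, the rest are watched."""
    return {s: "evaluate" if n >= min_users else "watch" for s, n, _ in report}

if __name__ == "__main__":
    for row in discover(SAMPLE_LOG):
        print(row)
```

The distinct-user count is the adoption signal described above: a service used by many staff is a candidate for evaluation rather than something to block outright.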

If managed correctly, Shadow IT can be very beneficial for an organization. Shadow IT is often an indicator of growth within a business unit or team and in order to capitalize on this opportunity, all businesses should adopt the above three steps!




Kinetics is an adaptive workspace for your team to collaborate & scale seamlessly with technology.
