Shadow IT

Shadow IT, once confined to unapproved macros in MS Excel has now grown exponentially over the
years becoming a major part of IT firms and introducing new security risks arising from unsupported
hardware or software.

What is Shadow IT?
It is any hardware or software inside the organisation which hasn’t yet been approved by the IT
department of that organization, thus, information technology projects managed without the
knowledge of the IT department.
The rise in Shadow IT and its increased usage was due to desire of the employees to get direct and
instant access to any software or technology without the need to go through any corporate
channels. Recently, this has spread to the need to use their own personal technology at work (such
as BYOD).
A McAfee sponsored study brings out 6 key points on Shadow IT and its true nature.
1.   More than 80% of the surveyed respondents admitted using it.
2.   The biggest users are not the general users, but they are in fact the… IT employees!
3.   There is no clear communication or rules regarding SaaS policies.
4.   Employees do not want to put their organisation at any risk, they just want to get their work
done comfortably.
5.   Web based analytical tools, word processing/spreadsheet tools and even web conferencing
platforms are the most common types.
6.   Around a half of the surveyed individuals recognize the risks of Shadow IT but even this
sense of risk is not stopping these employees from deterring from its usage.

By 2020, 40% of the IT budget will be spent outside the IT department according to estimates. With
this widespread use to Shadow IT, the risks it brings along has become quite obvious. It can easily
become a barrier to an enterprise’s IT compliance, such as when a user is using Google Drive for
storing company data in place of the company provided cloud storage service(s). It can also impact
the experience of other employees in the organisation. Free flow of data across the organisation
may be hampered and monitoring of such data flow can become a concern.
But, even with the severity of the risks involved, it is necessary to understand that the world will not
recognize a ban of Shadow IT, if ever there is going to be one. It is here to stay, that’s for sure.
Employees will not stop bringing or using their own personal cloud services or their mobile phones
or tablets at work. The best IT organisations can hope for is to embrace Shadow IT and create
restrictions at proper junctions. After all, Shadow IT is making employees more innovative at their
work and making their jobs a little more likeable, thereby, increasing the overall productivity.


Arshad Ahmed
IIIT Allahabad,
MBA-IT/Semester: 04, IMB2013023