Shadow IT: Why Users Go Rogue and What to Do About It



A new study by ZDNet shows that 90 percent of cloud services in use today at the enterprise are “shadow IT” services, where end users sidestep the central IT department to provision their own cloud computing-based solutions.

To what extent is shadow IT on your radar?

Mention it to anyone in the IT department, and you’re almost guaranteed to provoke a strong reaction. Mention it to your average enterprise employee, however, and you’ll likely get a blank stare.

While the term may not be familiar to most workers, the practice probably is. Thinking about your own day-to-day tasks, are there cloud applications you use that your IT department doesn’t manage, and may not know about?

Some of the most common examples are file storage apps, instant messaging apps, and CRM tools. Are you running services like Box, Skype,, or Google Apps for work use?

As far back as 2012, nearly half (43%) of IT leaders in a Rackspace survey said they were aware of employees using cloud computing services or resources not provided by their organization’s IT department.

And Gigaom has just completed a survey (Nov. 2014) that gives a very current picture.

Here are some stats that might surprise you:

  • 81 percent of line-of-business employees admitted to using unauthorized SaaS (Software as a Service) applications.
  • 38 percent of line-of-business employees surveyed use unauthorized cloud apps because the IT-approval processes in their companies are too slow.
  • 70 percent of unauthorized access to data is committed by an organization’s own employees.

There is a litany of reasons why shadow IT gives the real IT department nightmares. Among them:

  • Inadequate security controls. Shadow IT creates governance, compliance, and operational efficiency risks. The tools employees are choosing often lack critical security features and under 10%, according to a recent survey by Skyhigh, “… fully satisfied the most stringent requirements for data protection, identity verification, service security, business practices, and legal protection. Only 11 percent encrypt data at risk, only 16 percent provide multi-factor authentication, and only 4 percent are ISO 27001 certified.”
  • Lost productivity. Users aren’t IT experts. When they take apps and tools into their own control, they burn time setting up and administering often-unfamiliar systems. This translates into hidden costs for the company.

Disparate data and data loss. Joe keeps his content and data in his instance of a cloud tool. Jane has hers spirited away too. It becomes hard to ensure consistent backup practices, makes it tough to analyze data, and means that when an employee leaves the company, their information fiefdom may go up in smoke.

The list goes on.

The other side of the coin

So what’s driving the need for shadow IT? Why do users help themselves?

It’s about the path of least resistance. Line-of-business owners and employees are driven by and evaluated on criteria that usually pertain to things like business development, customer service improvement, and revenue growth. They need to get products and services to market quickly. By handling cloud apps themselves, those apps become both self-serve and on-demand.

If what the IT department has to offer doesn’t stack up – in its suite of available tools, in its approvals timeframes, and in its service speed – users will continue to seek and source outside options they can manage on their own. The only justification they need, at least to themselves, is getting the job done, and done on time.

Among Gigaom’s recommendations: “If an organization is to be successful securing its cloud-based assets, data security in the cloud must be a top-down priority in the organization. IT alone cannot properly enforce a strict security standard because to be successful, data security must cut across a business’s organizational lines.”

Enterprises need to get a grip on shadow IT cloud app usage, and today, it’s possible to do so. The tools workers need to get their challenging jobs accomplished can, and must, be managed by IT. When that happens, cloud apps won’t cause governance nightmares; they’ll drive real innovation.

About Ali Rehman

@AliRehman81 is the Enterprise Social Marketing Manager at BlackBerry. He is involved in managing social media program for the B2B community. Also focusing on developing engagement and awareness across various social properties. Outside of work he is a massive aviation fan and big supporter of the 'Blue Angels (USN)' aerobatics team.

Join the conversation

Show comments Hide comments
+ -
blog comments powered by Disqus