
What is Shadow IT?

7th September, 2020


Have you come across the term “Shadow IT” before and wondered what it is? Even if the answer to that is “No”, you definitely need to be aware of it and the implications for your business.

So, what is Shadow IT?

It is a relatively generic term, referring to equipment, applications or operations used in your business, but sitting outside your approved and recognised IT estate.

What that looks like in reality could be one of the following…

The PC sitting in the corner running a package that you thought you had replaced years ago, but Ted in Accounts prefers the old system. It might be that a small department have decided to use an unauthorised but free file sharing solution because they don’t like the security restrictions set up by the IT department. It could even be that your procurement process for hardware or software is just so cumbersome everybody has chosen to bypass it.

And that’s before we mention one of your fellow directors who has decided to use his home computer to produce the highly confidential reorganisation report…

Why does this happen?

Most commonly, staff, with the best of intentions, are looking to just get the job done. They want the quickest and simplest way of doing things, without appreciating the bigger picture, or the implications.

Why does it matter?

The biggest issue is the lack of clarity around where your data may be stored. Equally, there could be parts of the business reliant on software that is not properly licensed or supported. Picture your need for an urgent finance report, only to discover that it’s on unauthorised software, created by a user on leave and you have no clue how to access it.

Couple that with the possibility of old hardware running out-of-date operating systems that are no longer supported.

And that’s before you get started on data protection, data privacy and intellectual property issues.

So, what can you do about all of this?

Whilst you could offer your staff an amnesty, asking them to confirm any unauthorised software or systems that are being used, it’s not an ideal solution. If you chose this approach, you would need to make it clear that there would be no disciplinary consequences for coming forward, as you would want to achieve full visibility.

If you did choose this approach, we suggest talking to staff about why they have chosen specific apps, as you may discover that what they have found is a better solution than the current company approved one.

Having a strict policy which clearly lays out rules and guidance is one way of stopping any employee from downloading software or applications that are not company approved. In fact, you could restrict all users from having the admin rights to do this – leaving it to the designated IT person.

In practice, none of our customers take this approach. They all find it too cumbersome and too restrictive.

Ultimately, there has to be a balance between protecting the company’s assets and enabling staff to do their job.

One of the ways we often overcome this is by setting up a separate admin account. Logging in using this account enables staff to download the software or application, but doesn’t leave the door open for a hacker to access email or data, or infect the IT systems with a virus. Once the app is downloaded, the staff member logs out and goes back to their own user ID.

Our helpdesk software is set up to constantly monitor our customers’ hardware to check for any vulnerabilities. Likewise, we are able to ensure all of the software is updated to the latest version, and highlight any issues or risks. This is done on a continuous basis, with us often identifying and fixing problems before the customer is even aware.

When we start working with a new customer, we would carry out a full audit to identify any potential issues before we undertook any development or support.

If you would like to find out more about the risk of shadow IT and how to mitigate risk in your business, please call us on 01784 437 123.
