What is 'Shadow IT' and why you should care

entrepreneurship May 10, 2021

We always hear about how technology is growing by leaps and bounds and it's often difficult to keep up with new platforms, apps, formats and, even sometimes, concepts. We understand that, and that’s why we're here to help you and keep you in the loop.

One of those terms you may have faked recognizing when talking to colleagues in your industry may be Shadow IT. What's that? We'll tell you not only what it is, but what you can do with this new information.

In its most basic form, Shadow IT is defined as the use of systems not authorized or developed by the IT department within an organization. This usually occurs, of course, in other departments of the company and happens when looking for greater productivity or innovation.

But then, is it something we should be concerned about or something we should be promoting? Moreover, how do we know when Shadow IT is being practiced?

Whenever we circumvent or avoid the protocols given by the IT department, we are practicing Shadow IT. Whenever we use additional software to that provided or authorized by the IT department, whenever we make use of it using credentials other than the corporate ones (for example, when we test our application from our personal email) we are committing this act.

Shadow IT should not be something to ignore, as the protocols created (when applicable) have been established by company experts for a reason. This reason may be to keep track of processes, to standardize work methods and maintain efficiency, or for security reasons.

So, if your organization is a media outlet dedicated to investigative journalism, for example, information is your most valuable asset, and security should be one of the highest priorities, if not the highest. How could Shadow IT affect you in this instance? A news story that is shared outside of security protocols could run the risk of leaking information and losing the scoop. Data from sources that are not processed with the corresponding security could compromise the integrity of the source. Not keeping up to date with the security of the media site or using other software for this same process could result in the site crashing or collapsing after a revealing investigation.

Classified newspaper page
Photo by AbsolutVision / Unsplash

But not everything is negative, and much of the use of Shadow IT depends on the nature of the company and the context in which it operates. As mentioned above, much of the practice of Shadow IT occurs organically in search of greater productivity, efficiency and innovation. Thus, when in large companies, departments such as design or sales find SaaS alternatives that were not provided by IT but that allow them to do their work more efficiently, they will most likely make use of those services.

In a start-up context it is even more likely that Shadow IT is a common practice, especially when it comes to remote work situations. Finding out in early stages what works and what doesn't is part of the formation of the company and of a future rulebook that will later allow standardizing processes.

With the above in mind, rather than heading in a specific direction with regard to Shadow IT, we recommend that you consider its existence, the risks involved in its use, and the benefits it can bring. Do you have processes you want to maintain or do you handle very sensitive information? Emphasize security protocols in the onboarding process of new employees and hold frequent workshops to reinforce the idea in your employees and colleagues. Are you in constant search of innovation and experimentation? Try all possible alternatives, but be aware of the extent to which you want to expose yourself and your company.

What about you? How do you manage Shadow IT in your company?