What is Shadow IT and how do I prevent it?

Send us a message

Give us a call to start making your technology easier and more enjoyable.

0800 160 1111


Shadow IT refers to the use of non-IT department approved software, applications, devices or systems being used by a department or individual. It can be referred to by other names including Stealth IT, Fake IT, or Embedded IT, but it has grown exponentially as more and more cloud-based consumer and business services are launched and with the consumerisation of information technology.

In simple terms, it refers to employees within a company downloading programmes or apps to their company devices or using personal devices, like smartphones, without IT department approval. Employees can almost become a little blasé about what they are allowed to do.


What is classed as shadow IT?

  • Downloading or signing up to cloud services including any software as a service (SaaS), platform as a service (PaaS), or infrastructure as a service (IaaS)
  • Purchasing and using any hardware including smartphones, laptops, tablets, PC’s or servers
  • Purchasing and using any off-the-shelf packaged software

So, what’s the risk?

Security. Whilst employees might think they are tech savvy, or may have used a service elsewhere, they can never be 100% certain that a security breach won’t happen due to their actions.

According to McAfee, the average company currently uses 1,083 cloud services in total; 108 known services, 975 unknown services.

Many cloud-based services allow access to file sharing, cloud storage or real-time collaboration tools. This gives potential opportunity for sensitive company information to accidentally become available to people who should not have access to it.

On top of that, wasted time and money become an issue where collaboration inefficiencies take place due to what is called App Sprawl. This is where too many different tools are being used that can’t talk to each other or use different file extensions.

IT departments need to understand what is being used in a business, how it is being used and who has access to use the features it offers, so that they can make the right decisions for the company.


The risks of Shadow IT

Are there any benefits to Shadow IT?

Shadow IT could be seen to help departments and colleagues collaborate quicker and become more productive, and companies become more agile. Of course, there is a fine line between whether you see this as a benefit or whether you feel that you are risking security.


Examples of Shadow IT

  • Cloud storage services – Dropbox, Google Drive
  • Communications apps – Zoom, Google Meet
  • Productivity apps – Asana, Trello, Slack


How can I prevent Shadow IT?

By locking devices to only allow administrator access to install new software and programs is a standard prevention method, as is having a separate network for personal devices and guests to connect to and making the companies private network available only to authorised devices. Training and education for employees is important. Employees should be aware of the risks around using technology that is not IT approved. Finally, add it to your company IT policy and recirculate it to every employee to ensure that prevention is top of mind throughout the business.

How we can help

At Windsor Telecom, we’ll help set up administrator access and guide you to put the right policies in place to ensure your business is safeguarded. We’ll whitelist applications which are employees are allowed to install or password protect those that are not.

We’re passionate about taking the worry of security away from our customers and by handling all their IT security concerns through tailored managed IT solutions. If this sounds of interest, please get in contact with us.