Shadow IT

Shadow IT

In the office or remote, do you know what apps, services, and networks your teams are using, and what company data is being shared with third parties? If the answer is “not entirely,” it’s time to address your Shadow IT strategy.

What is
Shadow IT?

Shadow IT is the use of hardware, software, and cloud services without approval from the IT department. Mobile phones, third party apps, digital services, and personal WiFi networks can all be examples of Shadow IT. It has accelerated with the rapid shift to remote work, and brings increased risk to your company.

Shadow IT creates a blindspot for your leaders and IT teams. Business units often assume a local service provider will take care of security, but in fact it’s your organization’s responsibility whether you’re aware of activities at the edge of your network or not.

While TPRM helps you manage third parties that your business knowingly shares data with, addressing Shadow IT reveals the data that your organization is unknowingly sharing.

Most organizations grossly underestimate the number of Shadow IT applications already in use.

Brian Lowans, Principal Research Analyst, Gartner

What can you do
to solve the Shadow IT issue?

Incorporating new third party services isn’t necessarily detrimental to your organization, but they must be audited and managed appropriately. Reducing the Shadow IT risk involves people, process, and technology to achieve a company-wide cultural shift. Here’s what you can do to help:

CISO, CIO, CEO, CTO, or similar

Protect your network from
supply chain attacks.

VP, Director, Manager, or similar

Set strategies and policy to oversee your entire network.

Specialist, Analyst, Engineer, or similar

Detect, monitor, and secure unknown third parties.

Examples of Shadow IT

While popular and commercially available third party services aren't necessarily risks to your network, employees may mix personal and business accounts, or sign up for free trials that open your network up to unknown third and fourth parties. Here are some common services that are known to usher in Shadow IT:

apps like:
Comms and VOIP
apps like:
Collaboration apps
like Google Suite:
apps like:
apps like:

Shadow IT arises due to:

digital transformation
The move to remote
work and WFH

The need to scale
operations fast


IT requirements