Does Your Business have Shadow IT? You probably do... How do you find it?

Does Your Business have Shadow IT? You probably do... How do you find it?

If you’ve never heard of Shadow IT, it could be a big problem for your business and you  absolutely need to understand what it is.

Shadow IT can be a huge problem for your business and something that you need to be paying attention to.

First: What is Shadow IT? Shadow IT is just some sort of IT service that was purchased by a person or line of business inside of your company that wasn’t done via your IT Department.

What’s a really good common example of Shadow IT? Probably the biggest one in the market right now might be Slack. Somebody inside of your company started using Slack, that spread into a team, that team went to a Department, all of a sudden that went to multiple apartments… Next thing you know you have most of your company using Slack.

But why is Shadow IT such a problem? Well if your IT Department doesn’t know it exists, your IT Department can’t manage it, they can’t monitor it, they can’t make sure it’s secure, they can’t track vulnerabilities against it… They can’t do all the things that your IT Department needs to do for you.

Is your Shadow IT application vulnerable to an exploit that could cause damage to your business? Is your Shadow IT application in compliance with a regulatory mandate that you have to have? 

You could have risk to your business by an application being deployed inside your company that actually is a good application, but just because it’s not compliant, you’re at risk.

There come a lot of “gotchas” with Shadow IT and a lot of them stem from risk and compliance. Examples you’ve seen:

  • Let’s say regulation, E-discovery or litigation.  So your company becomes action to litigation either as a plaintiff or defendant in a case. What’s the first thing that happens in litigation? Discovery. Discovery happens first and what does that discovery demand look like? That discovery demand says: “Give me every document ever created in the history of your business that relates to these things, whether it’s in email, written chat, communication, text message, etc.”
  • These discovery demands are quite exhaustive. In the Slack case, Slack is really good and you can run Slack for free in your business but now all of a sudden you’ve a discovery demand and you need to go back and you need to find every chat message in your company that has EVER existed related to a topic.

What does that mean for you? Well now instead of being free, you now have a cost that can be $7.00 per user or maybe $13.00 per user times the amount of users you have.  So if you have a 1000-person company, are you prepared all of a sudden to absorb, out of nowhere, a $13,000 a month line item in order to support e-discovery and data loss prevention inside of an application that you IT Department had no involvement with and probably didn’t know existed?!

There’s lots of examples of Shadow IT and there’s lots of cases of this.

Shadow IT comes about also because unfortunately IT departments are resistant to bringing applications on because there’s a lot of checkboxes that they have to go through: is it compliant, does it integrate, do they have security policies as a vendor, meter specs, yadda, yadda, yadda… and so somebody goes out and fills out their credit card on a form and BOOM you’re running this application now, and then as time passes you walk yourself into an IT Disaster!

As part of our evaluation with our customers at we’re going to talk to you about what you’re currently running, your applications, what’s currently running, do you have lines of businesses that you’re aware of what they’re using, what are their critical applications?

Again: CRITICAL applications are what run your company!

How do these actually impact?

Do you have Shadow IT that you’re not aware of?

How do you bring Shadow IT into a budget for your IT Department: maybe they’re not managing it, but they’re aware of it, they can keep tabs on it, they can make sure that you’re in compliance and that you’re not creating business risk.

Do you have Shadow IT? You probably do.

How do you find it? You start asking people what they’re actually using, why they’re using it and how to unify into a common platform for your company.