Cyber Security

What goes on in the Shadows: Addressing the Looming Threat of Shadow IT

This article explores what shadow IT is, why employees use it and how it can be effectively addressed.

Written by

Team Nucleus

Written on

17th September, 2023


What is shadow IT?

Shadow IT refers to the use of any hardware or software without the knowledge of the IT team within an organisation. Examples could include anything from working through Google Meets when the company uses Microsoft Teams to downloading software plugins for a video editing programme that have not been approved.

While shadow IT does not necessitate the presence of malware, the use of unapproved IT poses significant risks. This is due to the nature of shadow IT being unknown to the organisation’s IT team, meaning that they are unable to monitor these assets for vulnerabilities or potential threats.

The risks of shadow IT should not be underestimated; with an estimated 80% of employees admitting to using shadow IT, it’s no surprise that it is often a leading cause of vulnerabilities that lead organisations open to a cyber attack.

Why do employees use shadow IT?

With shadow IT being such a common problem, it’s important to understand what leads so many employees to circumventing their IT team and using unauthorised software and hardware. Identifying the factors that lead to shadow IT will help create understanding on how to reduce its prevalence in organisations.

One of the biggest reasons is that many employees get frustrated at the process of getting new software and hardware approved by their IT Team; IT teams are often overburdened, and the process of thoroughly checking and approving IT tools can often be time consuming. As a result, individuals and teams may choose to use shadow IT and not go through the important verification process.

Another reason employees may use shadow IT is to increase productivity. For example, while there may be a tool officially sanctioned and approved by the IT team, there may be an alternative tool that some employees prefer, so they choose to use unapproved tools instead.

What are the risks of using Shadow IT?

The largest risk presented by shadow IT is that it leaves organisations open to a breach. As the software/hardware is unvetted and unknown to the IT team, there may be existing or newly emerging vulnerabilities that could be exploited by cyber attackers. This lack of visibility for IT teams presents a huge risk to organisations as they are unable to see what assets are exposed and vulnerable. Keeping on top of monitoring known IT tools for vulnerabilities is difficult enough but monitoring tools that aren’t visible to the IT team is impossible.

For example, imagine a team within an organisation decided to use a new CRM programme without informing their IT department. There may be a known vulnerability in the software that leaves the organisation vulnerable to a data breach. If the team had gone through the appropriate process, the IT team could have been able to identify that the programme was unsafe to use and suggested an alternative.

In line with this, shadow IT could also lead to compliance issues. For example, regulators such as GDPR (General Data Protection Regulation) have stringent compliance rules that may be undermined by shadow IT. As a result, organisations may find they have not met these regulator standards which could lead to hefty fines and legal consequences.

Another less malicious, but impactful, implication of using shadow IT is poor integration. By circumventing the IT team, the adoption of unapproved software or hardware may lead to inefficiencies if the tool is not appropriately supported by the existing IT infrastructure. If the tool had previously been assessed by the IT team, they would have been able to either reject the use of the tool due to it not being supported or work to adapt the IT infrastructure to ensure it would run smoothly with minimal inefficiencies.

How can the risks of shadow IT be mitigated?

One key method to address shadow IT is to improve communication between the IT team and the rest of the organisation. Ensuring that employees understand the risks of using unauthorised IT tools may encourage them to think twice before bypassing the organisation’s regulations.

Similarly, it is equally important for any frustrations to be communicated to the IT team so that they can be addressed safely and appropriately. For example, if a team is unhappy with a current piece of software and they wish to use a different tool, this should be communicated to the IT team who can then work to verify and safely implement the new tool or find an alternative. Forcing employees to use a tool that they may find too frustrating to work with could increase the likelihood of shadow IT being used instead. Therefore, IT teams should try to be more flexible by revising IT policies and providing alternative software or hardware suggestions if the desired tool does not meet the standards of your organisation.

Finally, another key way to prevent and identify the use of shadow IT is by having the monitoring capability to be able to identify whether it is being used. Telesoft’s advanced network monitoring toolset, the TDAC Platform, provides organisations with total visibility across network and cloud environments. By using our comprehensive toolset, your IT team would be able to identify the use of any unauthorised IT tools, which can subsequently be addressed. Alternatively, our team of cyber analysts can monitor your digital estate on your behalf with our 24/7 Managed Detection & Response service.


With the use of shadow IT remaining highly prevalent in many organisations, it’s something that needs to be addressed if cyber security is to be optimised. While having the appropriate policies in place to discourage the use of unapproved IT tools can help, it is equally important to address the frustrations that leads to employees using shadow IT. However, it is also important to have the visibility to identify its use. By using Telesoft’s advanced network monitoring tools or adopting our MDR service, organisations can gain complete network visibility.


Recommended Posts

Subscribe to Nucleus blog updates.

Subscribe to our newsletter and stay updated.

Subscribe to Nucleus