Shadow IT, as simply defined as possible, is the hardware or software being used in an enterprise that is not supported by the organization’s main IT department.

In other words – shadow IT represents an IT nightmare. It is all the technology that employees are using without the formal permission, or sometimes even knowledge, of the IT department. The definition used to only apply to technologies that employees adopted because they wanted immediate access to data. They wanted quick access without having to go through the necessary, but cumbersome, steps to obtain it through corporate channels. However, with the rise of mobility and BYOD, this definition has quickly expanded to include technology such as personal phone applications or software like Dropbox. The nightmare has now grown into a full-blown horror flick for many.

Shadow IT (like so many terms in the tech world) is, however, really a mixed bag. On one hand, it can indeed introduce the security risks that are feared, resulting in compliance or regulatory failures, or more. On the other hand, it can drive innovation, introducing tools that spur productivity – many of which might otherwise not have been considered for implementation by the IT team. Whether you’re on the nay or yay (or the nuanced) side of Shadow IT, one thing’s for certain: when employees adopt Shadow IT they are telling management what they need in order to be productive.

Here’s the thing: when employees adopt technologies without the IT department’s formal permission, they’re not doing it to behave maliciously or out of defiance. Their purpose is not to create situations where networks or software application protocols conflict (both potential results of Shadow IT). The reality is that employees pursue alternatives that make their jobs easier, that make them more efficient, and that boost their productivity levels. In essence, employees are telling management, “This is what I need to get my job done.” It is important to listen and then find a solution that works both for the business and how it gets work done, and for the corporate organization and how it must function in a secure manner.

IT departments and their organizations cannot ignore this phenomenon. Shadow IT is ubiquitous. It’s especially prominent in financial services, where Shadow IT is dominated by cloud services. The average organization uses 1,427 cloud services, but only 8.1% of all cloud services (about 20,000 total in use today) meet the strict data security and privacy requirements of enterprises. This places sensitive corporate data at huge risk, sometimes resulting in unauthorized access, as end users ignore the security limitations of cloud apps and services in favor of efficiency and productivity to get their jobs done.

So, what’s an IT project manager to do? The answer is to work with Shadow IT, not against it. That may seem easier said than done; however, there are several ways to start doing this.

  • Get to know the people outside of the IT department to learn what’s going on in the business. Find out what the business needs to get its jobs accomplished.
  • Be the thought leader in IT. Offer advice and guidance when you learn about Shadow IT projects that departments are using. Discuss security, how information is protected, and how to ensure data protection.
  • Work together and educate employees on best practices for security rather than saying ‘no’ or ‘but this wasn’t approved by IT’.
  • Create trust between departments so that business units can connect with the proper IT resource and share what is working and not working for them when it comes to technology in the office.
  • Lastly, work with business units to understand their needs and help them make better decisions that also meet enterprise needs for security and compliance where appropriate.


Along with BYOD came SMS text and many texting applications. Communications like these are not secure, not trackable, not captured for compliance, and sit on devices outside of IT’s management. Email has become the new snail mail, and the speed of business today requires faster channels. The ability to text for communication is now a critical requirement for many employees in order to increase information sharing, rapid response and decision making.

While these tools may increase efficiency, they also put organizational information at significant risk. Neither SMS text nor consumer-based texting apps provide the level of secure, compliant texting required for the enterprise. So, although efficient, this causes a significant concern for IT and Compliance departments that need to maintain control of corporate and client information.

In this example, however, it is possible for the IT Department to overcome shadow IT. By implementing an easy-to-use secure communication app like Vaporstream, IT can offer a solution that mimics the look and feel of the tools employees are already using while meeting security and compliance requirements for the company.

In Summary

Shadow IT has become a common scenario for all organizations, especially with the evolution of mobility and BYOD. It is important to pay attention to the types of apps and functionality that your employees are utilizing to see where you, as the IT Department, can still protect organizational and client data to ensure secure business and compliance.


Contributor- Vaporstream Team