
Casting a Light on Shadow IT


Shadow IT is the lurking threat to your organisation that you might not realise is there. But what is it, what threat does it pose, and how exactly do you monitor a shadow?

Digital transformation has, in no uncertain terms, enjoyed something of a boom over the last few years – and not just because of that global crisis. Long before we were confined to our homes, organisations were increasingly turning to remote working, more complex solution suites, and exciting new technological remedies for traditional problems.

It’s not all been positive, naturally. Running parallel to this wave of transformation has been an alarming rise in security risks, from bad internal actors to data-hungry criminals. Beneath these more obvious threats, though just as important, sits the growing trend towards shadow IT, which we’ve also become increasingly aware of.

Consisting of applications, software, and services in use by employees without the IT department’s knowledge or approval, shadow IT might sound like a low priority risk – if you even consider it a risk at all. The insidious nature of shadow IT, however, means it’s critical to shine a light on it sooner rather than later if digital transformation is to continue, secure and unfettered.

Putting Risk on the Radar

It’s easy to understand how shadow IT took root once you consider how behaviours and technology have changed. As the number of commercially available apps and services has grown, so too have the technological literacy and preferences of discerning customers – i.e., your employees. As a result, users turn to tools that lie outside the all-seeing eye of IT because the tools are familiar, users think they understand them, they’ve used them previously, and they often can’t find a pre-approved or pre-existing alternative.

The defining feature of shadow IT is how little organisations expect it to exist among their own staff. G2 Track’s 2020 research, however, found that 80% of workers admitted to using unapproved SaaS applications at work, with an average company clocking up 975 unknown cloud services.

“Still, what’s the harm?” you might be asking. While employees may have their preferences, there’s a multitude of costs – both financial and intangible – to consider:

  • Security Gaps: IT teams can’t ensure the security of software that they are unaware of, which inherently undermines an organisation’s security. With unsanctioned apps, data is often unencrypted, employees may use weak passwords, and sensitive information could be shared through public links. What’s more, without sight of the tool it’s hard to know whether multi-factor authentication (MFA) or single sign-on (SSO) is supported, let alone whether users have it enabled and whether authentication is happening securely.


  • Data Loss: 83% of IT professionals reported that employees stored company data on unsanctioned cloud services, which could have no backups, data recovery or protection in place. Questions will naturally arise around who legally owns the data, whether it’s compliant with local data protection laws, and if there’s cause to be concerned about data loss.


  • Financial Waste: Shadow IT also has considerable financial implications. G2 Track’s research unearthed the startling discovery that 20-40% of enterprise technology funding is now spent outside IT’s purview. Meanwhile, approximately $34bn of licensing waste is generated between the UK and US every year, especially in areas where shadow apps have duplicated the functionality of an existing solution suite.

With all of the above to consider, there’s really no mistaking a crackdown on shadow IT for anything other than a drive for smarter security and intuitive cost savings.

Keeping the Shadows at Bay

So we know it’s a risk, but how exactly do you fight a shadow? The intangible nature of the problem can often mean it’s left out of sight, out of mind, with managers and IT teams begrudgingly letting shadow apps run their course. It doesn’t have to be that way, though.

While we can’t deny it’s a tricky challenge to overcome, there are approaches that can help to minimise shadow IT’s impact:

  • Identify adoption and usage of solutions across the organisation to spot where existing solutions are being underused. This will provide clues to where shadow apps might be filling the gap.
  • Identify unused and lingering licences to secure the cost savings that can mitigate what’s potentially being lost on shadow IT.
  • Challenge known third party apps and close gaps by driving the adoption of a Microsoft solution with equivalent functionality.
  • Draw upon usage data to educate, inform, and discuss with your employees how you can all tackle shadow IT together – and why it’s important to do exactly that.


Uncovering some of the information needed for the above may require manual and time-consuming processes from managers, while details around shadow applications may be more elusive. In short, it can be something of a tedious journey, though worth it in the long term.

Surveil users, however, can simply tap into their Microsoft 365 insights to discover usage gaps, shadow IT apps, and potential cost savings – as well as using security recommendations to bolster the organisation. Surveil draws information from across the user’s Microsoft 365 and Azure environments to unearth deeply valuable analytics, offer actionable insights, and shed some light on what’s really happening across the organisation. If you’d also like to be a Surveil user, be sure to reach out to your affiliated Microsoft Partner to see if they offer Surveil. Alternatively, you can get in touch with our team to find out more.


Brighter Days Ahead

Let’s end this on an optimistic note, shall we? Yes, shadow IT can be a daunting issue to overcome, and maybe you’ll now be a little more worried about the apps your employees are using out of view of IT. But, when all is said and done, there are ways to tackle shadow IT and bring those applications and services out into the harsh light of day, neutralising the risk. All it needs is analytics, insights, and communication with your employees. Even better is the knowledge that there’s now a faster route to this result, thanks to the Surveil platform.

So, be cautious of shadow IT and the dangers it brings, but also never fear: once you commit to remedying the risk, there are sure to be brighter days ahead.

Don’t tackle the shadows alone. Get in touch with your affiliated Microsoft Partner to enquire after Surveil or reach out to our team to find out more. Interested in offering Surveil to your customers? Register your interest in becoming a Surveil partner.



