What is Shadow IT and why should you care about it?

All organizations, to some extent, have Shadow IT - spreadsheets, unsanctioned software, and workarounds. For many, these have become essential for day-to-day business operations but the risk they pose is huge.

4 minutes read | by Carly Enright | 1 October 2020

Imagine the following scenario. Julie, in finance, has been waiting MONTHS for IT to find a system to help them manage the accounts. She has simply had enough and decides to take matters into her own hands. “What’s the point in waiting months when I can find a solution myself?”, she says to herself, browsing Google for the most suitable option. She comes across an application that seems cheap. “Bonus!!”, she cheers. It’s downloaded within a matter of minutes. She uploads the finance data and it seems to work! Why on earth hadn’t they thought of this before?

A month later, the company realises their information has been compromised. Customers are furious about the data protection breach. Their personal and financial information is now out there for all to see. The company now faces huge fines for breaking the GDPR rules. Customers are leaving en masse for their competitor. After all, why would they trust the company that couldn’t even protect their data?

The company takes on the project of finding the leak. It’s not within their IT systems. Eventually they find Julie’s solution, which wasn’t approved or sanctioned by IT and doesn’t meet their stringent security policies.

Let’s look at Shadow IT in more detail.

What is Shadow IT?

Shadow IT refers to IT devices, software and services outside the ownership and control of IT organisations.

Business users want quick, convenient software solutions to increase productivity and collaboration. However, IT departments, constantly challenged to do more with less, are too busy or encumbered by red tape to meet that need with agility.

Instead, business users end up, like Julie, downloading unsupported software, or building workarounds like spreadsheets.


How prevalent is Shadow IT?

Advisory firm CEB estimates that 40% of all IT spending at a company occurs outside the IT department. ServerCentral projects that within the next 10 years, 90 percent of IT spending will take place outside of IT.

In 2017, IBM found that one in three Fortune 1000 employees save and share company data to third-party cloud-based applications that are not explicitly approved by their organisations.

Why should you care about Shadow IT?

As we saw with Julie, these applications are potentially insecure and pose a security risk. They are not protected by IT policies and the data held within them may be vulnerable. Data breaches result in hefty fines and serious damage to a company’s reputation.


Not only are they a security risk, but they pose other challenges for businesses. Data quality is not ensured, especially in applications such as spreadsheets, where a digit can easily be entered incorrectly. With no error checking or validation, a single-digit error can throw off a business case entirely.

Another potential problem with Shadow IT is data being held in multiple applications. How can a business keep track of all its data? With no data audit trails, it becomes increasingly difficult to know what is happening in each department. This could lead to business decisions being made without all of the relevant data, potentially putting the company at risk unwittingly.

What can be done about Shadow IT?

One of the most common causes of Shadow IT is the time it takes for an IT department to respond to requests for new applications. Changing business needs and greater demands on IT make this increasingly difficult.

Getting new applications in can be challenging. Each onboarding process is different and can be lengthy. As business needs change, applications can’t change with them. Therefore, you need even more applications, more onboarding, more installations. A seemingly never-ending demand.

Thankfully, there is an alternative. Low-Code application development platforms allow you to create bespoke applications in weeks, even days. These can be adjusted as demands change. Depending on the simplicity of the platform and the training given by providers, individuals within each department can create their own applications. These applications will ensure compliance as the Low-Code development platform will have been approved for use by the IT department.

IT is no longer overloaded with requests for new applications and data for each application is accessible in a secure, centralised system.

Take back control. Make Shadow IT a thing of the past. For more information on how PhixFlow’s Low-Code development platform, combined with our Rapid application delivery programme, can accelerate deployment of new applications to eliminate Shadow IT, please request a demo.
