There are many reasons why only 51% of organizations meet their original project delivery goals—but a lack of transparency exacerbates them all. Without transparency, a manager can never accurately assess bandwidth, resource allocation, or team performance. This is what makes Shadow IT so pernicious. It precludes real insights into what teams need to achieve their goals and milestones.

Broadly, Shadow IT refers to any use of applications, software, or devices hidden from an IT team's view. Software is usually the most common offender, typically in the form of one-off apps. And while those tools might drive short-term collaboration, they can silo valuable conversations and data, threaten data security and compliance, and present an inaccurate panning.

Most employees turn to unsanctioned tech because they need it to work more effectively. In other words, it's a sign of an engaged employee; not a nefarious one. This is good news, because 52% of tech executives report that their employees are purchasing unsanctioned applications. In response, some organizations are equipping teams with unified software solutions. This can help decrease the need for disparate applications, but it won’t eliminate them entirely. With this in mind, forward-thinking business leaders are turning their attention to risk mitigation. 


The only way to find Shadow IT in an organization is to look for it. Surveying employees about their own use of Shadow IT is a great way to start. An open and non-punitive approach increases the likelihood that employees will come forward without additional prompting.


Budget audits targeting surreptitious IT spending is another strategy. SaaS management tools can spot anomalies in traffic and server load, or track how data and metadata are moving through the organization.


The easiest way to reduce Shadow IT is to develop robust internal communication channels. Employees usually turn to Shadow IT to increase on-the-job efficiency. This is where listening becomes essential; the only way to improve compliance is by understanding why the current tech stack is insufficient, and gather information on what tools might improve employees’ software experiences. Employees are your best source of information for this.


Of course, communication is never a "one-and-done" scenario. Understanding the pros and cons of a given software solution requires an ongoing, open conversation. The employees stepping forward about their own use of Shadow IT will likely prove your best collaborators. As attentive and proactive problem solvers, they are already finding solutions for on-the-ground problems often invisible to those at the managerial level.


After understanding why employees are turning to Shadow IT, it's time to assess the risk it poses. Not all scenarios pose the same risk; it's important to triage them accurately. However, establishing a rule about Shadow IT usage is not a comprehensive solution. Employees will continue to turn to unsanctioned tools until they have the right tools or capacities to meet their needs.

In some cases, curbing the risks of Shadow IT can be as simple as defining the types of activities for which use is permissible. For example, ChatGPT might be safe for creating marketing copy, but off-limits for analysis and reporting of internal data. By maintaining a list of approved apps (and activities within them), IT teams can offer employees customization options that maintain an organization's broader information security promises.


Building formal communication processes is an effective way to ensure that everyone engaged with a project can easily stay in the loop.

If lack of timely IT support is causing employees to turn to Shadow IT, workflows can turn support requests into tasks or projects with pre-set SLAs and escalation rules. The same method can be applied to the procurement and approval process for new technologies. Keeping employees in the loop through progress updates is an approach likely to foster compliance.

Software is only useful when it's used. But because software is constantly being updated, and its capabilities and features are continually expanding, it's understandable why many employees resist org-wide implementations in favor of the familiar apps they’ve customized to their needs. Ongoing education not only drives awareness of org-approved offerings, but provides an opportunity for org leaders to reaffirm best practices and alert employees to the security risks of Shadow IT.

Lean in to resource management

You can't measure what you can't see. And when Shadow IT is where the work happens, effective project management is a largely futile effort. Instead of working on strategic analysis or resource allocation, managers have to waste time asking for updates, trying to locate documents and collateral, and pinpointing why the budgets have gone so far off the rails.

When everyone works from a single (and shared) UI, it's easy to make quick course corrections and communicate them to all relevant stakeholders. Consolidated data leads to smarter data; when information is no longer cordoned off in unknown systems, it can exponentially grow in its organizational value.

In the absence of a unified system, good communication becomes essential; it is what connects every member of a project team to a common set of strategies, goals, and actions. And that connection is an organization’s best chance of mitigating the risks that arise from the use of disparate software. 

Zoho offers a suite of intelligent enterprise business software, including an award-winning CRM suite, the industry's only comprehensive analytics and BI platform, and a powerful low-code development ecosystem.