Shadow IT traditionally refers to employees using technology solutions—like cloud apps, personal devices, or software—without formal approval from their organisation’s IT department. Think of it as employees "going rogue" with tools they believe know help them work faster or smarter. While on the surface this sounds harmless enough, it does, absolutely, 100% create risks that can spiral into security breaches, compliance headaches, and budget blowouts.
For Organisations that don't HAVE an internal IT department and rely on an outsourced service (be it an MSP, TSP or an "Outsourcer") this becomes even more complex as the outsourced service provider will often have a complete blind spot for Shadow IT and if there are contractual/trust issues at play, this only gets worse!
Imagine a Nurse in an aged care facility using a personal Google Drive account to share patient schedules because the approved system doesn't support an Android handset and they can't afford an iPhone; or a finance team subscribing to a project management tool to meet deadlines; or a marketing team establishing a new email broadcast tool with a DNS zone and temporary email address. These are common examples of Shadow IT in action.
IT teams might notice spikes in data uploads to unknown IP addresses. For instance, a Melbourne-based accounting firm discovered employees were using a free invoicing app that leaked client data overseas. Regular reviews of firewall traffic logs will identify unusual destinations that may be "indicators of issues" that warrant investigation.
Regularly review installed software lists across the device fleet to identify unauthorised additions - many Shadow IT candidates allow for installation of components without the need for an Administrator account.
Keep an eye out for Newsletters, company marketing or special event branding and communication channels as these may well be established "outside" of IT control as they are rarely seen as IT assets, but can open up significant security, compliance and brand issues.
Finance and accounting teams are often the Whistleblowers for Shadow IT as they will identify recurring transactions on company Credit Cards well before an IT audit will be completed. Keeping an open channel between IT and Finance is a great way for this information to be identified early and actioned before Shadow IT becomes a major business risk point.
When teams argue that their tool is "best" for transferring data this is often a sign of tool duplication and at least one Shadow IT system (sometimes BOTH are using Shadow IT!). Data Islands such as this are both productivity killers as well as security risks.
When an experienced Help Desk/Support Centre analyst has a "what the" moment regarding a system they have never heard of and can't find in documentation for (but a quick google leads them to a sign-up page), then that is a pretty sure sign of a Shadow IT issue that needs addressing. If you have an outsourced helpdesk/Support Centre, make sure they have a clear reporting channel for such issues.
Audit Regularly: Use software inventory tools, firewall traffic categorisation and credit card reviews to identify risk areas
Talk to Teams: Check-in with the under-pressure teams on what IT impediments they face - look for areas where new tools are needed and engage with them on the "best" way to choose and include such tools in the Corporate application stack
Optimise Approvals: Ensure that there are defined, documented, resourced and publicised programs for the evaluation of new technology solutions to reduce the temptation for staff to "go Rogue"!