Stop Shadow IT Before It Hurts Your Business
02 November 2025
Shadow IT often spreads quietly and quickly becomes a serious risk. Just look at the UK-based supermarket chain Co-op: A little-known remote maintenance tool used by an external IT provider was compromised. The result? Nearly 800 stores had to shut down because their checkout systems failed.
The root cause? A functional but unmanaged tool with no transparency or protection. The breach cost Co-op approximately £80 million in lost sales and caused significant challenges for its food business.
What happened
Attackers infiltrated systems, leading to supply chain disruptions, empty shelves, and stolen customer data. The attack is often cited as an example of a breach caused by “Shadow IT”—unmanaged IT assets (like exposed external-facing systems) used as an entry point for the attack. The attack is believed to have been carried out by the Scattered Spider group, which is known to use social engineering to gain initial access.
The Shadow IT Connection
- Attack vector: The breach highlights how Shadow IT, such as unmanaged or forgotten external-facing assets, can create entry points for attackers.
- Entry point: Attackers likely exploited an exposed system or a security blind spot to gain access to Co-op’s network, a common risk in the retail sector.
- Vulnerability: This case underscores the need for retailers to implement external Attack Surface Management (ASM) to detect and manage all internet-exposed assets, not just internal systems.
Business Implications
This case is a stark reminder that even well-established companies are vulnerable to sophisticated cyberattacks.
- It emphasises the importance of a robust cybersecurity strategy that moves beyond traditional defenses and proactively addresses all potential entry points, including Shadow IT.
- Retailers need to have a plan in place to quickly contain and recover from incidents to minimise operational and financial damage.
What is Shadow IT, and Why is It Risky?
Shadow IT refers to software or hardware that’s used without approval from your IT team, often in the form of SaaS tools. Employees sign up for platforms like Trello, Dropbox, or Notion on their own, usually because official tools take too long to access or don’t meet their needs.
While this may sound like initiative, it can lead to serious problems:
- Security and compliance risks: Unmanaged tools can put sensitive data at risk, and data breaches are expensive. According to IBM’s Cost of a Data Breach Report 2024, the average incident in Germany costs €4.9 million, while the US average is at a new record ($9.36 million).
- Duplicate tools, duplicate costs: When different teams use multiple tools for the same task, effort and spending increase. Gartner estimates that 30–40% of large enterprises’ IT budgets go to Shadow IT. These costs aren’t planned or managed, which makes them risky.
- Lack of visibility: Shadow IT often goes undetected for months, especially when it spreads across departments.
Where Shadow IT is Emerging
Shadow IT is no longer limited to simple productivity tools. It’s evolving as employees adopt more advanced technologies to meet business goals faster. Key growth areas include:
- AI and automation tools: Employees are increasingly experimenting with generative AI platforms and automation scripts to speed up reporting, content creation, or customer support. While useful, these tools can expose sensitive data or produce noncompliant outputs.
- Low-code and no-code platforms: Business users now create apps or workflows without IT oversight. This boosts innovation but also increases integration and security challenges.
- Browser extensions and APIs: Teams often add browser-based plug-ins or API connectors to “make life easier,” connecting company data to unknown third-party services.
- Cloud storage and collaboration tools: Even with official systems in place, employees still use personal cloud accounts for convenience. This creates parallel storage ecosystems beyond IT’s control.
These emerging areas show that Shadow IT isn’t just a software issue. It’s a behavioural and cultural one. People want flexibility and speed. The challenge for IT is to enable both, safely.
Why Shadow IT is Increasing: Trends Shaping the Future
The growth of Shadow IT reflects a broader shift in how organisations work. Gartner predicts that by 2027, 75% of employees will acquire, modify, or create technology outside of IT’s visibility—up from 41% in 2022.
So, what’s driving this change?
- Decentralised work models: Hybrid and remote work environments give employees more autonomy. Without daily IT contact, teams solve problems their own way.
- Rise of SaaS ecosystems: With thousands of easy-to-access SaaS apps, anyone can subscribe or integrate tools with just a credit card.
- Empowered business users: Non-technical employees now have access to tools that once required IT expertise, like analytics dashboards or automation workflows.
- Pressure for speed: Business units can’t always wait for formal IT approval. Faster time-to-market often outweighs strict compliance processes.
This trend isn’t necessarily negative. It’s a sign that employees are taking ownership of technology to get results. The key is finding the balance between empowerment and control.
Stop Shadow IT in 4 Steps
- Automatically identify SaaS tools: Start by creating transparency. A SaaS Management platform can show what tools are really in use—including unauthorised apps, unused licenses, and shared accounts. Automated analysis helps you spot risks early and stay in control without time-consuming manual checks.
- Train employees and listen: Shadow IT happens when teams feel ignored. Training helps explain risks and introduce safe alternatives. Make sure your training is:
  - part of your onboarding process
  - held regularly
  - backed by open communication and active listening

  This builds trust without relying on strict rules.
- Offer better tools: If the current setup doesn’t work, teams will look elsewhere. Shadow IT is often a cry for help. So, get business units involved:
  - What features are missing?
  - Are there better options?
  - Can official tools replace unofficial ones?

  The right tools turn IT into a partner, not a bottleneck.
- Simplify approvals: Slow approval processes push teams toward Shadow IT. A better approach:
  - streamline approvals
  - automate workflows
  - offer a self-service portal with pre-approved tools

  That way, teams get what they need quickly and securely.
The Takeaway: Get Proactive About Shadow IT
Shadow IT isn’t new, but it’s growing, especially in home offices and distributed teams. Use a tool that can uncover unknown applications across the whole company. Even with strict IT policies, SaaS tools can slip through and drive SaaS sprawl—good discovery software finds them. If an employee signs up via Google or Microsoft SSO, the tool should detect it, even retroactively.
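The retroactive SSO detection described above, and the discovery step from the four steps, sketched as an added example (not code from this article or from any vendor's product). It assumes the identity provider's grant history has been exported into a hypothetical normalized JSON-lines schema; the field names, the sample events and the sanctioned-app list are all constructed for illustration.

```python
import json
from collections import defaultdict

# Constructed sample: SSO/OAuth grant events in a hypothetical normalized
# JSON-lines schema (not the native Google or Microsoft export format).
SAMPLE_LOG = """\
{"ts": "2025-03-04T09:12:00Z", "idp": "google", "user": "ana@example.com", "app": "Trello", "scopes": ["openid", "email"]}
{"ts": "2025-03-09T14:30:00Z", "idp": "microsoft", "user": "ben@example.com", "app": "Notion", "scopes": ["openid", "profile", "Files.Read.All"]}
{"ts": "2025-05-21T08:05:00Z", "idp": "google", "user": "cara@example.com", "app": "Notion", "scopes": ["openid", "email"]}
{"ts": "2025-06-02T11:47:00Z", "idp": "microsoft", "user": "ana@example.com", "app": "Approved CRM", "scopes": ["openid", "profile"]}
{"ts": "2025-06-15T16:20:00Z", "idp": "google", "user": "ben@example.com", "app": "trello", "scopes": ["openid"]}
not-json garbage line
"""

SANCTIONED = {"approved crm"}                  # assumption: approved-app catalogue
SIGN_IN_ONLY = {"openid", "email", "profile"}  # standard OIDC sign-in scopes


def find_shadow_apps(log_text, sanctioned=SANCTIONED):
    """Return unsanctioned apps from the full grant history, riskiest first."""
    apps = defaultdict(lambda: {"users": set(), "idps": set(),
                                "first_seen": None, "data_scopes": set()})
    for line in log_text.splitlines():
        try:
            ev = json.loads(line)
            name = ev["app"].strip().lower()   # "Trello" and "trello" are one app
            ts, user, idp = ev["ts"], ev["user"], ev["idp"]
            scopes = set(ev["scopes"])
        except (ValueError, KeyError, TypeError, AttributeError):
            continue                           # skip malformed records
        if name in sanctioned:
            continue
        rec = apps[name]
        rec["users"].add(user)
        rec["idps"].add(idp)
        rec["data_scopes"] |= scopes - SIGN_IN_ONLY
        # ISO-8601 UTC strings in one format compare chronologically
        if rec["first_seen"] is None or ts < rec["first_seen"]:
            rec["first_seen"] = ts
    # Apps holding data-access scopes first, then by number of users
    return sorted(apps.items(),
                  key=lambda kv: (not kv[1]["data_scopes"], -len(kv[1]["users"]), kv[0]))


if __name__ == "__main__":
    for name, rec in find_shadow_apps(SAMPLE_LOG):
        print(name, rec["first_seen"], sorted(rec["users"]), sorted(rec["data_scopes"]))
```

Because the whole history is scanned rather than only new events, `first_seen` shows how long an app was in use before anyone noticed it, and grants that go beyond sign-in scopes are surfaced first for review.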
Act early, and you’ll benefit from:
- transparency through SaaS management
- trust through training
- acceptance through better tools
- efficiency through clear processes
Turn a risk into an opportunity—for stronger security, leaner operations, and empowered IT.
This article is from Brian Riley, who works in sales development for USU Solutions International.