Shadow IT is a problem that has plagued IT departments for years. In the late 2000s and into the 2010s, organizations had to deal with the increasing use of unsanctioned devices – often personal smartphones – to access corporate data.
While businesses have largely overcome this issue either through formal BYOD policies or stricter device-based access management rules, unsanctioned or unmanaged software use has risen in its place.
For many years, workers have increased their use of cloud-based technology to streamline and improve processes. With free apps and trials being easily available, unauthorized SaaS adoption by users or employees is more common than ever. Employees often sign up for new SaaS tools without the knowledge of IT teams.
This trend started in the 2010s, and accelerated in the first half of the 2020s as remote and hybrid working increased.
Workers are more distributed, technically savvy, and often require access to a plethora of systems to excel in their roles. For IT, managing all the cloud software in use and end users can be a tall order. There are, thankfully, key steps businesses can take to mitigate the risks and maintain control without creating obstacles for colleagues.
Shadow IT incorporates three channels:
- Hardware and devices
- Software applications
- SaaS and other cloud services
Exploring software as a service (SaaS) management platforms, for example, can be an important step to ensuring the IT department has centralized oversight on all software in use across the organization.
How shadow IT manifests in the cloud age
Shadow IT is a major concern for IT professionals, according to research from JumpCloud. 29% of respondents listed it as one of their top three security concerns, which is a similar proportion to those listing software vulnerabilities and ransomware (both 31%).
There are several ways that shadow IT manifests. Yes, it certainly includes using personal software on a personal device to complete work, or storing work files on personal or cloud storage accounts, but it goes beyond these common examples. Shadow IT also includes using video conferencing tools, transcript generators, or signing up for new applications, rather than using the work-sanctioned software. This may include email clients, calendar apps, or note-taking software.
Shadow IT from SaaS applications is the most common, according to Casting IT into the Shadows, a new eBook from JumpCloud. SaaS tools are easy to access and install, often with no upfront costs. These applications, such as Zoom, Google Docs, Dropbox, and many more may seem innocent enough – and there is nothing inherently bad about using them – but doing so undermines IT’s mission to safeguard the business.
Risks of shadow IT in 2025
AI-powered software is on the minds of IT leaders and it’s becoming critical to have visibility of the applications being used by employees. Internal policies have been created and with good reason and using AI is not risk-free. There is "an extensive matrix of legal risk" around the use of AI according to law firm Osborne Clark and, according to Cornel SC Johnson College of Business, the failure to implement basic security measures and train staff could be costly in the long run.
Meanwhile, several security issues may arise from the understandable employee temptation to access free-to-use SaaS applications. Employees may introduce malware and ransomware into the corporate network or expose sensitive data in an application that doesn't meet security standards. These applications may also have their own data residency policies, with data ported over to geographies without authorization.
How to overcome shadow IT with SaaS management
Jamie Russell, IT operations manager at Grove Collaborative, an eco-friendly home and personal care products firm, knows how difficult it can be to establish the extent of shadow IT use and clean up after it.
"We at Grove actually reviewed a couple of standalone SaaS management service providers – roughly a year or year-and-a-half ago, and decided not to go with any of them," said Russell in a webinar panel hosted by JumpCloud. "There were a couple of reasons around that. There was a financial aspect around it. There was a resource constraint aspect around it. But it was a topic I was certainly very interested in. So when Jumpcloud said – ‘Hey, we have a SaaS management product coming out’ – I was very excited to check it out and kick the tires on it."
JumpCloud's SaaS Management has a portfolio of tools that IT teams can use to better manage application usage across the business. The platform brings visibility into sanctioned and unsanctioned applications, letting you discover, manage, and secure access to every SaaS tool that's being used. The system also offers detailed insights on apps, users, and licenses in one unified view. Using Saas Management also boosts security at the front lines by warning or blocking users when they visit unapproved domains.
Shifting to a proactive approach with a SaaS management platform means IT teams can prevent security risks earlier by anticipating potential issues and making sure employees have everything they need to work effectively without putting the business at risk.
To learn more about how SaaS management can help your business, register now to watch a free webinar on the rise of shadow IT or read the latest eBook from JumpCloud on how shadow IT manifests today, and how you can mitigate it.
