Skip to content

Six Reasons Why People at Your Organization Are Using Shadow IT

Whether it’s an employee’s personal laptop, cloud storage, or thumb drive or any one of a countless number of software applications, shadow IT is a constant threat for any IT department. Here are six reasons why.


Dealing with people or departments that have ‘gone rogue’ is part and parcel of running a large, complex IT estate. Shadow IT is ‘a thing’, but it doesn’t mean there aren’t things you can do about it. It all starts with understanding the underlying causes and trigger points. Here are the six big reasons why it exists and continues to persist.

1. Lack of vision

A modern translation of an ancient proverb says, “Where there is no vision, people run wild.” When departments or lines of business (LoB) within an organization aren’t given a clear direction or vision, they’ll create their own. Absent a clear vision, there aren’t objectives to align to. Like the ‘Texas Sharpshooter Fallacy’, departments will paint a target around the objectives they hit.

2. Double vision

This can almost be worse than no vision and will guarantee multiple shadow IT departments. Competing priorities and objectives that don’t align with enterprise goals or clear standards and policies, create a “run it like you own it” mentality. Efficiencies are not realized; a single department cannot take advantage of the larger enterprise’s scale. Left unchecked, multiple departments will create redundant systems and resources, duplicative or inconsistent processes, and a lack of standards that drive up the cost of the overall IT budget. This realization comes extremely fast (and costly) in the wake of a major outage, cyber security incident, or regulatory audit.

3. Lack of services and flexibility

Services needed by a particular LoB are not available, deemed inadequate, or don’t come at the speed or manner that is needed. This may be due to the enterprise having limited IT budgets, insufficient staffing, or managing a large technical debt. When faced with slow response, outdated or inflexible systems, internal businesses will lobby to build or procure a system, devices, or software that better suits their needs. It is important to note that the initial cost is only a fraction of what is required to run and maintain, so a shadow IT department will spring up. ‘Free’ puppies, anyone?

4. Lack of awareness

Companies that have clear standards and policies around IT services may have shadow IT pop up due to a lack of awareness of those policies. In contrast, there may be users who intentionally and willfully circumvent the enterprise IT department. If there isn’t enforcement of those policies, shadow IT departments will continue to thrive.

5. Special needs

There are times when the needs of a group are so unique that it may make sense to have a specialized IT department that warrants the cost and additional expense. This could be special operations or research that requires equipment and software that must be controlled tightly. Also, highly sensitive departments that require very strict access may create unwanted risk, if central IT is involved. These are rare but do exist. Because of the high risk involved, they are typically very expensive areas to run.

6. Politics

Sad, but we hear often: this isn’t a “technical problem” but rather a “layer 8″ problem, which is a sarcastic addition to the “7 layers of the OSI model” (a universal networking framework). Internal organizational politics can suck the lifeblood out of any company. Individuals or groups of individuals can become toxic. Large egos can lead to fiefdom building, and the like, which simply leads to splintered IT departments. This human desire for autonomy and authority will often lead to multiple mini-feudal kingdoms.

These are our six reasons why IT continues to frustrate. What are yours? Are the instigators of shadow IT the real problem, or is it those chosen to oversee the IT estate? What’s your experience?

Tim Morris

Tim Morris is a Technology Strategist at Tanium. An expert in cyber threat engineering, he builds teams and programs that solve security problems and streamline operations.

Tanium Subscription Center

Get Tanium digests straight to your inbox, including the latest thought leadership, industry news and best practices for IT security and operations.