Casting Light on Shadow IT

A man sits at his desk working on a computer. The shadowy figure of a colleague looms behind him.

“Shadow IT” – also known as Stealth IT, Client IT, or Fake IT – is any system, solution, or software that’s used by the employees of an organization without the knowledge and approval of the corporate IT department. Shadow IT poses a unique threat to cybersecurity as the technologies used are not appropriately managed to identify and mitigate the associated risks that can put corporate data at risk.

Examples of Shadow IT

Employees using unapproved technology assets are incredibly widespread in businesses of all sizes and industries. In fact, a study from IBM Security found that 1 in 3 employees working for Fortune 1000 companies have saved and shared company data to third-party cloud applications that were not explicitly approved. These violations of a company’s security policy increase the likelihood of a data breach.

Prevalent Shadow Technologies:

  • Unvetted communication tools used to share sensitive information outside of secured servers.
  • Unauthorized personal peripherals (USB drives, keyboards, etc) used on company devices.
  • Personal cloud storage accounts used to store company files.
  • Users attempting to manage IT assets on their own, including attempts to bypass existing security features.
  • Unmanaged remote access programs that can serve as an entry point for hackers.
  • Feral information systems – data management formations that are created and managed outside of the security and governance of the company’s approved infrastructure.
  • Personal devices used to perform work tasks in organizations that do not have an official bring your own devices (BYOD) policy.

The Dangers of Shadow IT 

When the corporate IT department is not fully aware of the scope of existing assets within the company they are not able to provide the upkeep, troubleshooting, and risk management that is required to use those assets safely. 

Shadow IT has the potential to cause a variety of logistical, data loss prevention, productivity, and security concerns, including:

  • Productivity Loss: The lack of availability for internal troubleshooting, training, and support for shadow IT assets can create productivity blocks when a subset of users begin to rely on unmanaged assets to complete their tasks.
  • Data Security: Unmanaged IT assets are not monitored or updated to address security vulnerabilities. Personal cloud storage accounts used to transfer corporate data may not have the same security controls available as enterprise accounts and they can be used as a gateway for malicious data exfiltration.
  • IT Governance: The auditing of software and hardware assets proves difficult when technologies are implemented without the knowledge or clearance of the IT department. As shadow IT is discovered, the continued demand for those applications to be officially adopted can lead to application sprawl that creates redundancies and an increase in the resources required to appropriately manage IT assets.
  • Software Utilization: Existing software resources that are provided by the company may see a significant under-utilization due to increased use of shadow technology alternatives.
  • Litigation: Whether the company is aware of the assets or not, events such as data breaches caused by unsecured shadow systems or the use of pirated software can lead to costly litigation against the company. Organizations such as The Federation Against Software Theft (FAST) and The Software & Information Industry Association (SIIA) work with software companies to prosecute the use of unlicensed software. In the event that intellectual property owners discover the illegal use of their software in an unlicensed commercial setting the company as a whole may be liable for the infringement. 
  • Non-Compliance: The data risks caused by the unmitigated use of shadow IT may be in violation of internal or regulatory compliance frameworks that govern how data is protected and used. These technologies can lead to violations of requirements for data residency, data security, and related forms of information governance.

How Can Shadow IT Be Mitigated?

While shadow IT is incredibly widespread and potentially dangerous, it can be mitigated against with the right tools and processes. With the help of (approved!) computer monitoring software, employee training, and suitable alternatives you can deploy a software asset management (SAM) strategy that effectively mitigates the threat of unmanaged technology.

Computer Monitoring Software

BrowseReporter is a versatile computer user activity monitoring software that helps organizations enforce policies, meet compliance requirements, and understand how their users operate – no matter where they’re located.

BrowseReporter’s detailed user activity reports provide insights like…

  • Are our users following organizational policies? Are there any unwanted activities that need to be addressed?
  • How engaged are our users? Do they spend the majority of their time on-task? And…
  • Are our users making use of the software we’ve invested in? Should we reduce the number of licenses we pay for?

The computer activity data is collected by a software agent that is installed on your computers. The agent connects to a database on your organization’s network, allowing you to maintain complete control over the data.

BrowseReporter’s central console allows you to run reports on your user’s computer activities from the convenience of a web browser. 

There are dozens of reports to choose from, including…

  • User productivity reports with an overview of how much time was spent on websites that are productive, unproductive, or neutral. These classifications can be customized to match what is productive for your users.
  • There are also detailed internet activity reports that show you what websites your users have visited, how long they spent browsing each site, and the amount of bandwidth consumed.
  • And finally, the application usage reports show you what software is being used, how long it was used for, and who was using it.

BrowseReporter’s reports can be generated on-demand, on a set schedule, or automatically sent to your inbox to alert you of specific events.

Using the End-User Reports feature you can even provide your users with on-demand access to their own data. This lets them benefit from the insights that you have.

BrowseReporter can even be deployed with optional privacy-enhancing features.

You can…

  • Display a custom message to notify users that they are being monitored
  • Make the client visible in the system tray
  • Stop monitoring outside of standard operating hours, and…
  • Disable certain types of tracking altogether 

These optional features allow you to customize your BrowseReporter deployment to fit the needs of your organization.

BrowseReporter is best used in tandem with our web filtering software BrowseControl. Using both solutions provides you with the visibility and control you need to ensure that your organization’s computers are being used appropriately

Ready to make data-informed decisions? Get actionable insights into the activity of your users with a free trial of BrowseReporter.

Get started today by visiting

If you have any questions during your evaluation our technical support team is available to help you over a phone call, live chat, or email.

Thank you!

To detect the use of unapproved and unfamiliar applications, you can monitor employee application use and web traffic for the prevalence of shadow IT. Once the demand for these applications is identified you can address the security concerns of unmanaged applications and services with the employees that are using them and take the opportunity to discuss viable alternatives or procedures. 

Unmanaged IT assets that continue to pose an unwanted hazard can be blocked using software that prevents access to unauthorized websites and applications until they can be adequately reviewed and considered for official adoption. 

Endpoint Management Software

To prevent the use of unknown data storage hardware that could be used to exfiltrate sensitive data such as intellectual property and records that contain personally identifiable information, you can use endpoint security software to disable unauthorized USB devices (flash drives, external hard drives, etc) from connecting to endpoints on your network. 

Cybersecurity Training

Employees using unauthorized software and hardware are typically not doing so maliciously; it is more likely that they do not realize the cybersecurity risks of the unvetted tools they use. An important step in tackling shadow IT is to ensure that your workforce is well educated about the dangers posed by unmanaged assets as well as their responsibilities for working safely with the technology they use in their workplace. 

Offer Suitable Alternatives

A key motivator for the use of unvetted tools is that the current suite of options offered by the organization does not meet the needs that their shadow alternatives are being used for. If the existing technology that is available to employees creates a productivity bottleneck, they are likely to continue using alternatives that better meet their needs in an effort to improve the efficiency and ease of their workflow. 

To ensure that new technologies are used safely, it is worth considering an official adoption that can be better monitored and managed by the security team. Encourage employees to be comfortable with being honest about the technologies they are using by establishing a method for them to report unauthorized software and hardware usage without the fear of disciplinary action.


The use of shadow IT is inevitable for most organizations. With the right tools and processes, your software asset management plan can mitigate the risks of unmanaged assets by identifying their use, coaching employees on their cybersecurity responsibilities, and offering suitable alternatives that can be safely monitored and managed by your security team.

Dale Strickland
Dale Strickland
Dale Strickland is the Digital Marketing Manager for CurrentWare, a global provider of user activity monitoring, web filtering, and device control software. Dale’s diverse multimedia background allows him the opportunity to produce a variety of content for CurrentWare including blogs, infographics, videos, eBooks, and social media shareables.