A-Z Popular Blog Encyclopedia Search »
Technology Guides
Key Concepts
Related Topics
Information Technology


12 Types of Shadow IT

 , updated on
Shadow IT is the unauthorized use of technology within an organization. This is an common practice that arguably has productivity benefits as teams seek out tools to meet their needs without engaging heavyweight processes such as IT governance. However, shadow IT opens up an organization to risks in areas such as information security, operational stability and compliance. The following are common types of shadow IT.


Installation of applications or apps. This can represent an information security risk as an application may contain vulnerabilities or malicious code that users are unlikely to notice.

Internal Controls

In some cases, employees install tools to bypass internal controls. For example, traders at a bank could install an encrypted messaging app to bypass compliance constructs such as a Chinese wall.

IT Controls

Disabling IT controls that are perceived as inefficient or obstructive. For example, disabling a virus scanner on a system.


Installation, development and configuration of systems that perform a business function such as automation or data integration. Typically results in a fragmented architecture that is highly inefficient. There is also potential for operational problems such as outages caused by undocumented systems.


Software or infrastructure projects that fly under the radar without going through official channels such as the CIO and IT governance. This can occur due to office politics whereby an executive with significant authority is uncooperative with IT.


Developing data repositories such as a spreadsheet used to manage customer or product data. Such data may be prone to data loss.


Knowledge repositories that are hidden from the rest of the organization such as a folder filled with team documents that aren't checked into a document management system. Leads to knowledge loss and knowledge waste.


Use of external services such as a cloud-based sales tool. Can result in a variety of commercial, security and productivity issues.


Software developers who download and use APIs without proper verification of legal or security issues regarding its use.


An employee who does work using the public internet when a more secure network such as a VPN is required according to policy.


Employees who store company data on personal devices or connect outside devices to the private networks of an organization.


Acquiring tangible or intangible assets that aren't managed by processes such as procurement, asset management, financial management, license management, service management and compliance. For example, an employee registers a domain name using her name and credit card for a firm. Customers start using the site and it remains under her control when she leaves the company.
Overview: Shadow IT
The unauthorized use of technology within an organization.
Related Concepts

IT Skills

This is the complete list of articles we have written about it skills.
Artificial Intelligence
Big Data
Data Mining
Information Security
IT Examples
Legacy Software
Office Productivity
Problem Management
Process Automation
Search Applications
Service Delivery
Service Management
Software Design
If you enjoyed this page, please consider bookmarking Simplicable.

Information Technology Governance

A list of common IT Governance functions.

IT Governance

An overview of IT governance with examples.

Strategic Planning

A list of techniques for developing and implementing a strategy.

Business Risks

A list of common business risks.

Types of Technology

A reasonably comprehensive list of information technologies.

Chargeback vs Showback

The difference between an IT chargeback and showback.

Technology Risk Management

A reasonably comprehensive overview of technology risk management.

Technology Disadvantages

An overview of the potential disadvantages of technology with examples.

IT Strategy

A list of IT strategy examples.

Security vs Privacy

The relationship between security and privacy.


An overview of technology hardening.

Deep Magic

An overview of deep magic, a technology term.

Defense In Depth

An overview of defense In depth.

Encryption Examples

A definition of encryption with examples.

Canary Trap

A definition of canary trap with an example.


A definition of honeypot with examples.

Security Through Obscurity

A definition of security through obscurity with an example.


A definition of token with examples.


A definition of backdoor with examples.
The most popular articles on Simplicable in the past day.

New Articles

Recent posts or updates on Simplicable.
Site Map