5 Top Shadow IT Risks


Risky business: a great movie and a terrible growth strategy.

Without a clear line of sight into how, and where, your business is spending on technology tools, you risk quite a bit: security issues, outsize costs, complicated tech stacks and more.

That’s the impact of shadow IT on your business.

In this post, we cover the most critical shadow IT risks you should consider — and the best way to find and reduce shadow IT in your company.

First things first: What is Shadow IT?

According to Gartner, shadow IT refers to “IT devices, software and services outside the ownership or control of IT organizations.”

So: it’s not that nobody in your organization knows about the software, service or tool. It’s that the tech wasn’t directly sourced by, and isn’t under the direct control of, the IT organization. As you’ll see, this can quickly open a can of worms.

When we’re talking about SaaS-specific shadow IT, we mean applications purchased by teams or individuals and reimbursed as expenses, rather than going through a formal procurement/vetting process.

Why shadow IT risks are a growing concern

The wide adoption of SaaS — from SMBs to enterprise organizations — has made shadow IT more prevalent.

Gartner projects that SaaS will grow more than 15% in 2021, bringing in $120B in revenue. This tracks closely with the fact that SaaS spending grew 14% among Zylo customers in 2020.

Why does SaaS impact shadow IT?

One of the many benefits of SaaS is that it’s easy to acquire. But this is also why it is a huge contributor to shadow IT. Consider these three interrelated stats:

  1. One in four employees expense SaaS.
  2. SaaS applications purchased via expense make up just 7% of SaaS spending, but they represent more than half of all SaaS inventory.
  3. Combined, business units and individuals make up 58% of SaaS spending and 75% of SaaS application quantity.

Related: Zylo’s 2020 SaaS Management Benchmarks. Check it out for more.


Taken all together, it’s clear that SaaS makes things easier for the end user and more complicated for the operations professional, especially IT.

5 of the Top Shadow IT Risks

Shadow IT is associated with a wide range of business and IT risks. This isn’t an exhaustive list, but instead reflects what we see as the biggest challenges for SaaS-sourced shadow IT for the IT organization.

1. Governance, security and compliance risks

Cost isn’t the only impact of shadow IT for SaaS platforms.

Typically, a company’s purchasing or sourcing team has rules of governance and processes to ensure a piece of software is secure and compliant (among other things). Expensed SaaS doesn’t go through this vetting process, which puts the organization at risk.

“With a sharper focus on cloud-based apps, alongside the pivot to distributed work, comes greater security exposure.” – Robert Torres, CIODive

Without the proper governance reviews in place, you’re putting your organization at greater risk of a data breach and other security issues. Beyond that, shadow IT doesn’t leave room to ensure that your tools and your employees are compliant with regulations like GDPR or HIPAA, either.

2. Duplicate purchases

Picture this scenario: one business unit selects and acquires a SaaS application for distributed use within its organization.

An employee in another group needs the same tool, but because they are unaware of the decision and unable to inquire about SaaS application inventory, they also acquire the same tool. And because the employee purchased the application as an individual and not as a large company with buying power, they pay more per seat or license.

The upshot is everyone paying more than they have to for a required tool.

This scenario isn’t uncommon: in the average large organization, 90 SaaS applications are purchased by more than one employee.

Without taking time to gain insight into your shadow IT, these are difficult purchases to roll back.

3. Redundant applications

Shadow IT makes it likely that there are applications in use with redundant functionality.

For example: the marketing team uses GoToMeeting, the Engineering team uses Zoom, and individual employees use their own web conferencing tools for individual meetings.

When several applications compete to fulfill the same function, it robs the organization of purchasing power because it splits the user base amongst several applications, rather than the entire company consolidating around a standard application.

It also inevitably leads to higher IT costs than necessary.

4. Inability to rightsize licenses

In a given 30-day period, 38% of SaaS licenses go unused.

That means you’re probably paying for licenses you don’t need — and that your business is likely wasting quite a bit of money every single month.

But it’s difficult — if not impossible — to rightsize licenses for software you don’t even know exists. Shadow IT prevents you from being able to regularly review your SaaS subscriptions, licenses and contracts, making sure that they reflect your current headcount and employee usage.

5. Unplanned, reactive renewals

The average company sees at least three SaaS application renewals every single business day.

But when SaaS is purchased throughout the company, it’s nearly impossible to anticipate these renewals. Automatic renewals help ensure continual service, but these renewals often occur with little to no planning and without data that demonstrates the utilization or cost-effectiveness of the application in question.

Not having a clear renewal calendar due to shadow IT is a surefire way to see costs balloon over time.

How to find Shadow IT in your company

Shadow IT creates unnecessary costs and risks for your organization.

But you can’t reduce these costs and risks if you don’t have full visibility into your SaaS portfolio. Visibility isn’t just about reducing the number of applications. It’s about getting a picture of which teams and employees purchase SaaS tools, how they’re being used, and what the associated costs are.

Getting that level of visibility into the applications your organization maintains is the first step to reducing (or eliminating) shadow IT.

As SaaS continues to replace on-premise software, shadow IT is a growing phenomenon. And it’s one that puts your organization at risk. Find out how Zylo can empower you to take control of SaaS and eliminate shadow IT.

