Shadow IT is hardware or software within an enterprise that is not supported by the organization’s central IT department. Although the label itself is neutral, the term often carries a negative connotation because it implies that the IT department has not approved the technology or doesn’t even know that employees are using it.
In the past, shadow IT was often the result of an impatient employee's desire for immediate access to hardware, software or a specific web service without going through the necessary steps to obtain the technology through corporate channels. With the consumerization of IT and cloud computing, however, the meaning has expanded to include personal technology that employees use at work (see BYOD policy) or cloud services that meet the unique needs of a particular business division and is supported by a third-party service provider or in-house group, instead of by corporate IT.
Shadow IT can introduce security risks when unsupported hardware and software are not subject to the same security measures that are applied to supported technologies. Furthermore, technologies that operate without the IT department’s knowledge can negatively affect the user experience of other employees by impacting bandwidth and creating situations in which network or software application protocols conflict. Shadow IT can also become a compliance concern when, for example, an employee stores corporate data in their personal DropBox account.
Feelings toward shadow IT are mixed; some IT administrators fear that if shadow IT is allowed, end users will create data silos and prevent information from flowing freely throughout the organization. Other administrators believe that in a fast-changing business world, the IT department must embrace shadow IT for the innovation it supplies and create policies for overseeing and monitoring its acceptable use.