Skip to content

Risky Business: Engaging Employees in the Battle Against Shadow IT

Luke Reimer
Luke Reimer

Employee collaboration using unsanctioned apps is on the rise, which can cause serious security concerns. Learn how to prevent the use of rogue apps.

In today’s work environment, there are a myriad of apps available to employees that can improve collaboration with co-workers or simplify daily workflows. Sounds good, right? The problem is, some are sanctioned, some are not – and there’s a reason for it.

Data is becoming a new global currency, and the landscape of data access and ownership is far from sorted. The recent lawsuits and investigations into major social networking platforms over improper usage of data illustrates the turmoil.

The near-steady stream of data breach announcements being shared from both personal and work-related apps and tools solidifies the idea that data is important, and it’s not as safe as we may have thought.

Employees use unsanctioned apps because they’re easy and convenient. But unfortunately, they’re not always secure – or haven’t been evaluated by IT – and this practice can significantly increase the risk of a breach and have negative repercussions for the organization.

Employee collaboration using unsanctioned apps on the rise

We asked 2,000 employees working at medium-sized and large organizations to tell us how they shared knowledge and collaborated internally. What we found may surprise you.

First the good news. Employees are confident that the knowledge-sharing tools provided by the company keeps their data safe and secure, with 91% saying these tools would only allow access to authorized individuals.

Now the bad news. Despite their confidence in company tools, employee information-sharing practices are troubling – and risky.

The survey found:

  • Employees frequently store and share sensitive information, mostly by email (69%), but also through shared drives, instant messaging, and the company intranet.
  • Secure methods that track access and support watermarks are rarely used.
  • Employees say they use non-approved applications because they’re easy to use and less likely to be monitored or tracked by their employers.
  • Fewer employees are satisfied with the apps and tools provided by their companies than last year.

Shadow IT raises serious concerns

It is human nature to choose the quickest and most familiar solution, even when there are secure methods available. So, it’s not surprising that employees are opting for shortcuts to save time and get more work done.

50% use unsanctioned apps and software • 55% use unsanctioned apps and software because they cannot be monitored or tracked. • 62% use unsanctioned apps and software because they're easy to use.

Of those surveyed, 50% said they used an application or piece of software without the knowledge or approval of the IT department.


Often referred to as “Shadow IT,” unsanctioned apps can be easy to use and are often adopted because a centralized set of tools is not available or is viewed as inadequate.

Decentralization of apps and tools has contributed to the risks. 10 years ago, a single office suite was sufficient to do business. In today’s enterprise, hundreds of shadow IT applications could be in use, for everything from product roadmap conceptualization to document reviews to team-level project management. These days, it seems that there’s a lightweight SaaS app for anything and everything.

Regardless of their purpose in the workplace, companies should treat shadow IT seriously. Here’s why:

  • The information shared on these unsecured systems can present significant risk to an organization’s sensitive data.
  • The inevitable “app sprawl” leads to fractured or siloed communication within the enterprise.
  • Communication breakdown and poor collaboration can affect productivity, efficiency, and competitive advantage.
  • Consolidating apps can result in cost savings for the organization (e.g. using one approved tool for all billing)

Reduce the risks by getting employees on board

First, it’s important to help employees understand that every time they use an unsanctioned app, they’re making themselves – and the company – an easy target. A data breach becomes a matter of when, not if it will happen. And when it does, the data loss and damage to customer relationships and the company reputation could be catastrophic.

You can prevent rogue apps from gaining traction by following this simple framework:

  1. Ask employees what applications and software they currently use.
  2. Determine why they’re using them. Are they faster, easier to use?
  3. Re-train employees on the functionality of approved apps.
  4. Establish a process for evaluating and implementing new apps, including a security review

Ultimately, your goal should be to make the apps your employees use available from a secure digital workplace platform.

Create a culture of secure collaboration

The survey clearly demonstrates that establishing a culture of secure collaboration in the digital workplace is urgently needed.

Surface these actionable insights in your next team meeting:

  • Employees raise security risks by using unsanctioned technology and non-secure methods to store and share sensitive information.
  • Companies can evaluate risk by conducting a thorough audit of approved and non-approved applications and software.
  • Leaders can combat shadow IT by integrating employee-preferred apps into the digital workplace and/or re-training employees on the functionality of existing tools and technologies.

In the long run, engaging employees in the battle against shadow IT will protect the company, its intellectual property, and most importantly, its data and its customers’ data.

We recently released our second State of the Digital Workplace Report, which identifies prevailing workplace challenges facing many organizations and offers innovative solutions that focus on digital tools and transformation.

Learn about our other key findings by downloading the full report.

Share This Article