Corona forces us into the home office and the fight begins: VPN, Citrix and three logins! Now comes an error message! What shoud that? Call IT support: No success!

Unfortunately, this exaggerated situation is often not an isolated incident! Companies have a poor IT infrastructure. The consequence is that employees cannot work meaningfully and teams acquire private infrastructure. This is called shadow IT and has experienced another boom since Corona!

Shadow IT

The term shadow IT describes IT systems that are used in the specialist departments or individual employees of a company in addition to the official IT infrastructure and without the knowledge of the IT department.

According to a survey by Censuswide on behalf of McAfee 500 IT managers and over 250 employees in companies in Germany were surveyed. Over half of the managers surveyed state that shadow IT exists in the company. Almost 40% of employees also admit to using their own cloud services.

In my experience, the main causes are the long provisioning process of the IT departments, cost savings and decisions for the wrong software tool and poor configuration of the tools.

Examples of shadow IT that I often experience are:

  • Own server for video conference
  • Own time recording
  • Office365
  • Own Jira server
  • Own file sharing platform

Danger from shadow IT

The Agility gained through in-house employee IT however, it also harbors shade. There is a dangerous sense of security in companies. Loss of data due to the lack of backup solutions and the mixing of private and professional use is also dangerous. Compliance violations and the risk of catching malware are particularly high, even if IT systems are unprotected. Most of these are operated with half knowledge.

Problems in IT security

Shadow IT therefore harbors most of the problems in IT security. Virus scanners and IT security mechanisms are often forgotten. This is based on the half-knowledge of the employees. The idea behind shadow IT is not a bad idea, but rather dissatisfaction with your own company IT.

Strategies against shadow IT

Shadow IT refers to any device, application, or IT initiative that is outside of the company’s control. In order to curb this shadow-it, it is important to interview the employees in the first step. In this way, you can at least get an initial list of exactly what shadow IT employees are using.

Then develop guidelines and let the shadow IT operate under the supervision of your own IT admins, who move the software to the corporate cloud and operate it sensibly. Also, implement that the company must always be informed about software purchases.

Also conduct awareness training. Many employees do not even know that they are using shadow IT. For example, many employees use WhatsApp to talk to colleagues but are not even aware that they are sharing company data via external servers.


Shadow IT harbors data protection risks and can make IT decentralized and no longer controllable in the company. It is the consequence when companies set up a less sensible IT architecture and let teams work remotely. Especially since the cloud, software often costs no more than 10 euros a month for private users and can therefore be quickly rented for work by almost any employee. The temptation is great and companies can easily counter it: Buy decent software and set it up! Employees cannot solve tomorrow’s problems with yesterday’s software!


[werbung] [fotolia]

I blog about the influence of digitalization on our working world. For this purpose, I provide content from science in a practical way and show helpful tips from my everyday professional life. I am an executive in an SME and I wrote my doctoral thesis at the University of Erlangen-Nuremberg at the Chair of IT Management.

By continuing to use the site, you agree to the use of cookies. more

The cookie settings on this website are set to "Allow Cookies" to provide the best browsing experience. If you use this website without changing the cookie settings or click "Accept", you agree to this.