
How to reduce shadow IT within your organization?

Cybersecurity
5 min
Posted on 4/2/2026
Shadow IT

The digital transformation has revolutionized the way of working and the tools used by employees on a daily basis. Collaborative platforms, instant messaging, file sharing and storage solutions, task managers, etc.: the use of cloud services has gradually spread within organizations of all sizes and in all sectors.

However, while these digital tools are essential to facilitate collaboration and communication between dispersed teams and remote employees, it is important to be vigilant. If their use is not properly supervised, the company is exposed to dangers such as cyber risks. This unsupervised use is called shadow IT.

Find out what shadow IT is and what measures to implement to limit the risks within your company.

What is shadow IT?

Normally, all the software and applications installed within your organization are managed by the Information Systems Department (DSI). The latter has put in place regulations, procedures and standards that the selected tools must comply with in order to be used by employees.

Shadow IT (or “shadow computing” in French) refers to the installation and use of computer hardware, applications and/or software by employees without the approval of the IT department. As a result, these digital tools have not been tested, controlled, approved and secured in advance, and their use poses a threat that can endanger corporate data.

The democratization of cloud computing and the ease of access to various digital applications often push impatient employees to look for solutions on their own. Thus, to avoid a sometimes long and complex process with the IT department, they prefer to install and use software that has not been officially validated by the IT department.

This practice is a real problem and a real challenge for CIOs who do not necessarily realize the extent of the phenomenon. In 2017, in the Symantec “Shadow IT France” report, carried out in collaboration with Cesin, the CIOs estimated that around 30 to 40 applications and cloud services were used on average within companies, when in reality, this figure averaged 1,700. This shows a significant gap between what CIOs think and reality.

Here are a few examples of shadow IT:

  • An employee uses their personal Dropbox account to share files with colleagues;
  • A team collaborates simultaneously on a document via Google Docs and uses WhatsApp and Skype to communicate;
  • An employee working from home uses their personal computer and transfers files via a personal USB key.

The consequences of shadow IT

One of the main risks of shadow IT is, of course, cybercrime. According to the Business Cybersecurity Barometer conducted by Cesin in January 2021, shadow IT is the main cause of security incidents for 44% of companies.

Here are some of the risks that shadow IT poses to businesses.

  • IT security risks: a tool that has not been verified and validated by the IT department can constitute a security breach by creating a back door through which cybercriminals can enter to steal or corrupt company data.
  • Compliance issues: software and applications that are not verified in advance may not comply with the standards and regulations implemented by the IT department. For example, they may not comply with the GDPR or with data sovereignty requirements.
  • A lack of integration: tools installed individually may not integrate with the tools already in place, which interferes with the flow of information between departments and within the company in general, and can also create conflicts between the various applications.
  • Hidden costs: if the IT department does not install and configure the tool, the employees do it themselves. They are not paid to do the work of the IT department but to do their own work, which does not progress during this time. It is also possible for two departments to buy the same software without knowing it, when the IT department could have purchased it only once for the entire company.

How to limit shadow IT in your business

It's hard to completely eradicate shadow IT from your business, but you can limit it. Here's how to do it.

Educate your staff

Generally, employees who download and install applications themselves without going through the IT department do so partly because it is faster and partly because the solution selected allows them to be more efficient in carrying out their tasks. In the majority of cases, they are not aware of the risks to which they are exposing the business.

Hence the importance of raising awareness among your employees about cyber risks, and more particularly about shadow IT. Organize conferences and/or training on the subject and provide them with resources so that they can inform themselves (lists of approved and unauthorized tools, procedures to follow to obtain authorization to use a particular software, etc.).

Involve your employees

If your employees are installing their own digital solutions, it may be because they are not satisfied with those offered by the IT department. A good idea to fight against shadow IT would be to consult them in choosing the software and applications to adopt. After all, they are the ones who are going to use them on a daily basis to carry out their tasks and communicate with their team members.

For example, pre-select several software programs that meet the security standards you have defined, then have them tested by your employees. Then ask them to give you their feedback. The software that has obtained the most positive feedback is then adopted.

You can also allow your staff to propose tools to be integrated into the business. To do this, set up a procedure allowing employees to explain why they need the tool and what the benefits will be for the entire company. You can even create a discussion group specially dedicated to this topic on your corporate social network.

If a software proposal is rejected, be sure to explain why and offer more secure alternatives.

Communicate

It is essential for the IT department to communicate as often as possible with the various departments in order to know their needs and requirements in terms of digital tools, because uses are changing very quickly. The IT department can then regularly offer suitable solutions and gradually eliminate shadow IT.

In summary, to reduce shadow IT, listen to your employees and define clear rules and procedures concerning the installation and use of digital tools within your company.