Shadow IT Is a Symptom, Not the Problem

How widespread is shadow IT in your organisation? There may be more than you realise, and it’s on the increase. We look at what it’s telling you, the risks it poses, and what you should do to combat it.

Shadow IT is surprisingly prevalent, and it’s increasing, with the UK mirroring international trends. IT analysts Gartner predict that ‘75% of employees will acquire, modify or create technology outside IT’s visibility’ by 2027, up from 41% in 2022.

The Government’s National Cyber Security Centre defines shadow IT as ‘the unknown assets that are used within an organisation for business purposes’. It’s easy to dismissively think in terms of low-level subversion, but Microsoft uses a much broader definition: ‘Shadow IT is the set of applications, services, and infrastructure that are developed and managed outside of defined company standards’. This hints at rebellion!

What Shadow IT Really Tells You

Subversion and rebellion reflect unmet needs.

If employees are seeking their own technology solutions, it suggests failings with the official set-up. We’ll consider the causes below but first let’s think about the problems back door IT could be causing you.

The Risks of Shadow IT

Shadow IT introduces significant risks to an organisation. When data is held in places IT can’t access, it makes it difficult to enforce policies, maintain audit trails, or respond quickly to incidents.

It can also cause operational inefficiencies and add to overall costs. It duplicates resources, with different tools doing the same things, fragments workflows, undermines collaboration, and increases costs through unmanaged subscriptions. At an individual level it causes confusion, with staff unsure which tools are sanctioned. For the IT team it complicates troubleshooting and integration with core systems.

Worse, unsanctioned apps and devices are not protected or monitored by official cybersecurity measures, which increases the risk of malware infections and exploitation by threat actors. Where sensitive information is stored or transmitted outside approved means, there is also an increased risk of data loss or leakage. Alongside this, use of unauthorised IT will be a regulatory or compliance failure and could incur penalties or fines. Depending on your operations, that might include things like GDPR or PCI DSS.

Why the Increase in Shadow IT?

There are many reasons why we’re seeing an increase in shadow IT, and the causal factors vary from organisation to organisation and perpetrator to perpetrator.

Often there is dissatisfaction with the existing technology tools – both inside IT and amongst employees. The official tools are, or are seen to be, outdated, lacking necessary features, or poorly aligned to specific workflow needs. The irony is that, with its constant development, Microsoft 365 is already well-equipped to elegantly meet most of your employees’ unmet needs, with new apps, like Viva, adding to these capabilities. Partly this is an issue of perception. For example, many still see SharePoint as the clunky tool it once was, rather than the modern, engaging, and user-friendly platform it has become. But there is also a lack of awareness of Microsoft’s true capabilities – not aided by its approach of improving products through a stream of incremental improvements. So, IT are not using already licensed tools and/or employees are not requesting access.

The result is employees pursuing their own solutions. The widespread availability of easy-to-use, low-cost cloud applications makes it easy for employees to adopt new tools. If internal processes allow IT purchases without IT approval, then individuals and departments may bypass IT altogether. We see similar issues occurring when insufficient provisioning governance allows new SharePoint sites or channels to be created at will.

Conversely, too much control can also be a problem, with slow or bureaucratic IT approval processes prompting employees to seek solutions elsewhere, especially if they’re under time pressure.

Additionally, individuals and departments circumvent IT because of a desire for autonomy, internal politics, or a poor understanding of IT’s vision and standards. Employees may not be fully aware of IT policies or the risks of using unapproved tools. There may also be poor communication between IT and business units about available solutions and processes.

Combatting Shadow IT Without Alienation

We’ve already hinted at some of the actions you might take to combat the spread of shadow IT.

Start with a discovery exercise, to understand the scale of the problem. Automated tools, like Microsoft Defender for Cloud Apps, can help you to identify unauthorised applications, services, and devices. This is unlikely to be a one-time exercise, so support this with ongoing monitoring for the appearance of new apps.

Once you know what you’re dealing with, evaluate the risks associated with each. Consider data access, compliance, and security risks to determine whether it should be sanctioned, restricted, or removed.

However, don’t think just in terms of control. This exercise will also help you to understand ‘unmet’ needs. When we discuss this with clients, we usually find that there’s a mix of things going on. An existing technology, like SharePoint, may need a makeover to increase its appeal and usability, while other needs may easily be met by releasing, or better communicating the existence of, capabilities that already exist within Microsoft 365. There can also be a tendency for hard-pressed IT teams to say ‘no’ because it’s easier than learning and implementing new tools like Viva Engage or Viva Connections. Sometimes there can also be some fear of the unknown involved.

Ensure that there is a clear digital front door, like a SharePoint portal or intranet, or Viva Connections dashboard. The key is to stay ahead of employee needs by proactively providing user-friendly solutions that align with workflow needs – reducing the need for unofficial workarounds.

Communication has a vital role to play too. If you provide people with good tools, they know about them, and they’re easy to access, most will use them. This may mean improving onboarding and training. It may also mean communicating clear guidelines for technology use, including acceptable applications, device registration, and consequences for policy violations, as well as educating employees on the importance of security and the risks of shadow IT.

If this is starting to sound a little arduous, don’t despair. Typically, there are a lot of quick and easy wins to be found. For example, our Beacon tool provides direct and seamless access to essential tools from your intranet homepage, or SharePoint app bar.

You won’t anticipate every need, so encourage open communication with business units, so employees are comfortable raising problems and proposing new solutions. Also consider whether you need to streamline IT approval processes to stop people going rogue. Read how we helped one client to set up self-service provisioning for new SharePoint sites, Teams, and M365 Groups.

Final Thoughts: Empowerment Over Enforcement

Shadow IT shows that people want to work better. Your challenge is to provide appealing and effective tools that also meet the security and compliance needs of your organisation. First understand your challenge, through a discovery exercise, and then talk to Silicon Reef. We can help you to eliminate much of the need for shadow IT by providing an appealing digital workplace that enables and empowers.

Additional FAQs

How do I know if Shadow IT is happening in Microsoft 365?

Many organisations don’t realise how much Shadow IT is in play until something goes wrong. In Microsoft 365, you can start by checking Microsoft Defender for Cloud Apps (MDCA) for unsanctioned app usage or reviewing sign-in logs via Entra ID (formerly Azure AD). These tools can show who’s using third-party apps, when, and from where.

At Silicon Reef, we help organisations interpret these signals clearly — turning raw data into actionable insights. Often, Shadow IT isn’t just a tech issue, it’s a symptom of unmet employee needs. That’s why we look at both the tech and the people behind the behaviour.

What tools in Microsoft 365 help prevent Shadow IT?

Microsoft 365 includes several built-in tools to help manage and reduce Shadow IT. These include:

  • Defender for Cloud Apps for cloud discovery and policy enforcement
  • Microsoft Purview for data loss prevention (DLP)
  • Conditional Access to block or limit risky app access

But tools alone aren’t the solution. Silicon Reef works with organisations to align governance with user needs — so you’re not just locking things down, but also enabling productivity in a secure way. That’s where the real transformation happens.

Can I block certain apps like Dropbox or Slack in Microsoft 365?

Yes — Microsoft 365 lets you mark apps as “unsanctioned” in Defender for Cloud Apps. You can then apply Conditional Access policies to block access or use session controls to allow limited, monitored use. This is great for managing risk without disrupting how people work.

At Silicon Reef, we help organisations find the balance between security and usability, ensuring Shadow IT isn’t just pushed underground, but is addressed transparently and constructively.

How do I track which apps people are using outside Microsoft 365?

To see what cloud apps are being accessed beyond the Microsoft stack, you can:

  • Enable Cloud Discovery using Defender for Endpoint or proxy logs
  • Review audit logs and usage reports in Microsoft 365
  • Combine this with endpoint protection tools for full visibility

Silicon Reef helps IT teams build these insights into their existing reporting workflows — so you can track Shadow IT without micromanaging. It’s about giving teams the freedom to innovate, within a well-defined framework.

What’s the best way to reduce Shadow IT without shutting everything down?

The best approach combines listening to user needs, educating teams on security, and offering better sanctioned alternatives. Often, people turn to Shadow IT when they feel blocked or unsupported. Microsoft 365 has excellent tools — like SharePoint, Teams, and Power Platform — but they need to be aligned with how your people actually work.

That’s exactly what Silicon Reef does: we bridge the gap between tech and culture. Instead of just saying “no,” we help organisations say “here’s a better way.” And that shift is what truly reduces Shadow IT in the long term.
