February 24, 2023

Is Shadow IT Hiding in Your Company? Tips for Bringing Informal SaaS Out of the Dark


Unsure about how to tackle hidden software used throughout the company? You're not alone.

Nikesh Ashar

Startup and scaleup teams rely on their SaaS stack to simplify their workflow, gather key data, align around key goals, and more. But your team’s eagerness to try new tools could end up causing some problems.

Today, we’ll dive into one of them: Shadow IT.

In this article, we’ll explore:

  • What shadow IT is
  • What causes shadow IT
  • How shadow IT can affect startups & scaleups
  • How to prevent shadow IT at your company through 5 best practices

Ready? Let’s get started! 

What Is Shadow IT? Shadow IT Meaning Explained

A recent study showed that 65% of all SaaS apps are Shadow IT. But what is Shadow IT?

The term “Shadow IT” refers to SaaS tools, hardware, and cloud-based applications that are being used within a company but haven’t been authorized, managed, or supported by the IT department or other relevant stakeholders. If you want to ensure that your company's SaaS stack is secure, compliant, and efficient, preventing shadow IT is critical. 

More often than not, employees create shadow IT in good faith. They’re simply testing new tools to boost their productivity. But bringing new tools into a company’s workflow without proper IT support is quite risky.

In this post, we’ll focus on the SaaS side of Shadow IT, which is often referred to as “informal SaaS”.

Some of the most common cases of informal SaaS include:

  • Internal communication tools that are only being used by a small team
  • CRMs that haven’t been approved and adopted company-wide
  • Project management tools that team members use for their personal projects, but that they’ve decided that they also want to use for work
  • Process documentation tools that are adopted in a hurry, to solve a short-term need

What Causes Shadow IT?

At this point, you may be wondering what causes shadow IT.

Typically, shadow IT occurs for 4 basic reasons:

  • Subscribing to SaaS services is easy
  • Team members feel the need to improve their processes, so they take matters into their own hands
  • The company isn’t flexible when it comes to trying out new tools, so team members adopt new software without involving leadership
  • The company doesn’t have a solid process for trying out, vetting, and monitoring tools

Let’s take a closer look.

Getting New SaaS Subscriptions Is Easy

In most cases, employees can get new SaaS subscriptions with relative autonomy. This can be great when onboarding your team into a pre-approved tool. But it’s also one of the key causes behind shadow IT.

Moreover, Bring Your Own Device (BYOD) has increased significantly since the COVID-19 pandemic and the rise of remote work, which has increased the risk of shadow IT.

BYOD is a policy under which employees access company resources using their own devices (such as laptops and mobile phones). This new autonomy led some employees to choose whatever software they had on their computer to get work done.

That’s why in recent years:

  • 83% of companies discovered unauthorized use of software despite prohibiting the purchase of SaaS subscriptions without approval or control 
  • 59% of startups estimate their employees have approximately 93 unreported SaaS subscriptions 

Shadow IT Can Be Motivated by the Need to Increase Efficiency 

Sometimes, getting trained to use a new tool can be challenging and time-consuming. As a result, some team members may lean towards tools they’re already familiar with, instead of the company-preferred option.

In other cases, employees just believe that their individual usage of a tool shouldn’t involve their company. So, they try it out and eventually adopt it on their own.

Shadow IT is rarely malicious. In most cases, employees use informal software in an effort to boost their productivity. Their intentions are good, so it would make sense to empower them with safe software management practices. 

Stack Rigidity Is a Leading Cause of Shadow IT

Often, employees turn to shadow IT because:

  • The SaaS stack adopted by their organization is insufficient to meet their needs
  • There isn’t room for discussing or trying out new tools
  • Management is unwilling to rethink software spending

Lack of Visibility into Your SaaS Subscriptions May Be the Main Cause of Shadow IT

Last but not least, shadow IT can be caused by insufficient control over the SaaS stack your team uses. In short, some companies don’t have the processes and tools to keep track of their software. It’s safe to say that this lack of visibility may be the main cause behind shadow IT.

However, managing your software to prevent Informal SaaS is easier said than done.

In fact, according to data collected by Cledara:

  • 63% of employees say SaaS management problems are ruining their company's culture
  • On average, organizations are only aware of 40% of the software used by employees

How Shadow IT Affects Startups & Scaleups

Your team will be grateful if you can fulfill their software needs without a long bureaucratic process. But the flip side is that you could open up your organization to several risks:


  • Security vulnerabilities
  • Uncontrolled spending
  • Compliance issues

Let’s dive into each one, shall we?

Security Vulnerabilities 

SaaS tools can become a security concern if they interact with business-critical data. 

Implementing an unsafe tool could lead to:

  • Unauthorized access to information
  • Unauthorized information changes
  • Malicious code being introduced into production systems
  • And more

Software implemented without IT approval is more likely to cause security issues than software vetted by experts.

Uncontrolled Spending

About 30% of SaaS spending is wasted on forgotten, unused, and duplicate applications. With SaaS now being one of modern businesses’ most significant expenses, this uncontrolled spending could eventually jeopardize profitability.

Compliance Issues 

As you may already know, compliance is all about keeping corporate, client, and personal user data secure in the face of increased privacy and cybersecurity concerns. And it’s definitely something that all companies, regardless of size or industry, need to address. 

When your team implements new software, it's imperative to understand the risks it can introduce. And when new software enters unknowingly, these risks escalate.

What’s more, risks tend to increase over time with each new tool added to the mix, particularly at fast-growing businesses that are onboarding new members while rethinking their stack.

How to Bring Shadow IT Out of the Dark: 5 Key Best Practices

When combating shadow IT, it’s of utmost importance to strike a balance between empowering employees and keeping control of your SaaS stack. But, how can you achieve it? There’s no magic recipe, but there are some best practices you can implement.

We suggest you:

  • Educate your team about the risks of shadow IT
  • Establish clear SaaS management policies
  • Address the root causes of shadow IT
  • Monitor your network
  • Turn your shadow IT problem into an opportunity to adopt better tools

Let's take a closer look!

Educate Your Team 

Many employees turn to shadow IT because they aren't aware of the risks it poses. Educate your team on the importance of data security and the potential consequences of using unauthorized SaaS tools.

But education can only go so far. At the end of the day, your employees are trying out new tools because they want to work better. And that’s something worth encouraging.

Establish Clear Policies 

Consider establishing a solid process for your team to try out new tools in a transparent and collaborative way.

Develop SaaS management policies and make sure that they’re easily accessible to the whole team.

They should cover:

  • Updated guidelines on which apps and devices are allowed
  • Detailed consequences of using unauthorized tools
  • How to share new potential tools with leadership
  • The process for trying out, vetting and fully implementing new tools

Address Root Causes

If you want to effectively tackle shadow IT, you should understand why it’s happening in the first place. In short, you should address the root causes. This will not only reduce the likelihood of shadow IT but also improve your team's satisfaction.

Connect with your team and ask them:

  • Which tools in your company-approved stack do you find essential?
  • Which tools are frustrating and should be replaced?
  • Are there any tools you’d like to try out?
  • Are you facing any challenges that could be overcome with better tools?

Monitor Your Network

A good way to identify unauthorized devices or apps is by regularly monitoring your company's network. This way, you can quickly address any issues and enforce your policies.

Plus, make sure to:

  • Maintain up-to-date external hidden activity detection and prevention rules
  • Send emails and other alerts to employees if unauthorized logins are detected
  • Encourage team members to report shadow IT if they notice any suspicious activity 
  • Use collaborative SaaS management tools to detect and analyze shadow IT
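
One way to carry out the monitoring described above, as an added example that is not part of the original article or any vendor's product: a short Python script that compares web proxy log entries against an allowlist of approved SaaS domains and lists the unapproved ones by number of distinct users. The log format, domain names, and function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed allowlist of sanctioned SaaS domains (placeholder names).
APPROVED = {"approved-chat.example", "approved-crm.example"}

# Constructed proxy log lines: "<timestamp> <user> <method> <host[:port]>".
SAMPLE_LOG = """\
2023-02-24T09:01:12Z alice CONNECT team.approved-chat.example:443
2023-02-24T09:02:40Z bob CONNECT app.notes-tool.example:443
2023-02-24T09:03:05Z carol CONNECT APP.Notes-Tool.example.:443
2023-02-24T09:04:19Z bob CONNECT approved-chat.example.files-share.example:443
2023-02-24T09:05:00Z dave GET approved-crm.example
malformed line without enough fields
2023-02-24T09:06:31Z bob CONNECT api.notes-tool.example:443
"""

def normalize_host(raw):
    """Lower-case the host, drop the port and any trailing dot."""
    host = raw.rsplit(":", 1)[0] if ":" in raw else raw
    return host.lower().rstrip(".")

def is_approved(host, approved):
    """Match on a label boundary so an approved name used as a prefix does not pass."""
    return any(host == d or host.endswith("." + d) for d in approved)

def site_of(host):
    """Group by the last two labels (simplification; real use needs the Public Suffix List)."""
    return ".".join(host.split(".")[-2:])

def find_unapproved(log_text, approved):
    """Return {site: sorted users} for every host outside the allowlist."""
    users = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed lines rather than guess at their meaning
        _, user, _, raw_host = fields
        host = normalize_host(raw_host)
        if not is_approved(host, approved):
            users[site_of(host)].add(user)
    return {site: sorted(u) for site, u in users.items()}

def report(findings):
    """Most widely used tools first: these are the candidates for formal review."""
    return sorted(findings.items(), key=lambda kv: (-len(kv[1]), kv[0]))

if __name__ == "__main__":
    for site, who in report(find_unapproved(SAMPLE_LOG, APPROVED)):
        print(f"{site}: {len(who)} user(s): {', '.join(who)}")
```

Sorting by distinct users supports both the enforcement step and the reassessment step: a tool that several people already rely on is a stronger candidate for vetting and formal adoption than for removal.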

Use the Problem of Shadow IT as an Opportunity to Adopt Better Tools

In some cases, the tools that teams informally introduce to a company are what's actually driving productivity. If you're dealing with a severe shadow IT problem, consider that this may be the case. 

So, use shadow IT as an opportunity to reassess and optimize your stack. Maybe, those untracked SaaS tools should be formally adopted across your company.

Detect, Reduce & Prevent Shadow IT with Cledara

In today’s post, we discussed the importance of preventing shadow IT and the best ways to get it done. 

If you’ve been dealing with shadow IT for some time, you may be wishing there was a tool capable of giving you full visibility into your software stack, so you can easily discover and remove unapproved tools.

Let us introduce you to Cledara.

With Cledara, you will:

  • Get a centralized view of your software subscriptions
  • Discover hidden software costs 
  • Manage SaaS platform access and seats effortlessly
  • Unsubscribe from low-ROI subscriptions, with one click
  • Make sure that every team has access to the tools they need
  • Prevent shadow IT
  • Get 2% cash back on every subscription 
  • And much more

End Shadow IT once and for all. Book a Cledara demo today.




Nikesh Ashar

I currently look after Quality Assurance and IT at Cledara. Having built a robust QA process and now a team, we work with Product and Engineering to make sure that our software is robust and well tested.
