January 25, 2022
Explainer

​​The perils of shadow IT: How your finance team can tackle it head-on

,
,

Direct purchasing of SaaS applications and other non-approved software by employees is making it impossible to protect some organizational data, according to almost half of all executives surveyed in a recent poll. The IBM/Forbes report also revealed that 60 percent of organizations exclude this problem—known as shadow IT—from their cybersecurity assessments. Unfortunately, the implications of this problem can be quite disastrous, including everything from data loss risks to unaccounted for spending.

What is shadow IT?

Shadow IT is the use of unauthorized or non-standard information technology solutions in organizations. It’s sometimes called rogue IT or stealth IT. Basically, shadow IT is when employees buy and use hardware, apps, and SaaS outside of their organization's IT department knowledge or approved budget.  

What are the risks of shadow IT?

Businesses shouldn’t underestimate the potential negative consequences of out-of-control shadow IT. And it’s not only a problem for a company’s IT team. It’s a concern for finance leaders, too, as these risks show:

1. No oversight into spend


This is a big headache for finance teams and IT managers alike. Without accurate knowledge of IT spending, your finance team can’t brief the executive team with a full picture so they can make important decisions about IT resourcing. And as every modern business leader knows, IT touches every part of the business. When it’s not in good shape, this can create cascading problems across other departments. 

2. IT redundancies


Shadow IT users may even source new applications that compete with your approved ones.  This increases your businesses overall technology costs because you are, in essence, paying for duplicate tools. For example, you might end up having multiple productivity tools because the approved one was viewed so poorly by users. 

3. Data silos 


Data needs to be a team sport. If your key people don’t have access to the same data about your operations, performance, and service levels then how can you make the right decisions together as a team? Data silos are one of the most pernicious outcomes of shadow IT, because they grow over time and can become harder and harder to cut back once they do.

4. Stranded financial data


Troublingly, disorganized and disparate data is not just an in-house problem. It can get businesses in trouble with customers, investors, and regulators too. As reported in CIO, shadow IT can lead to huge problems, such as multiple financial systems reporting different financial results, which in turn lead to audit fees and even SOX violations, which are financial penalties for masking misleading filings.

5. Data security risks


Another big problem? Shadow IT can open companies up to data loss and data breaches. The IBM/Forbes report notes that 13 percent of organizations have lost data, faced downtime, or experienced other IT security-related problems due to incidents with a cloud-service provider. Even worse? 58 percent of these incidents were security breaches.


Data loss may occur when employees take copies of sensitive data outside their company or store data on their own devices, such as physical drives, smartphones, or laptops. They can also occur when employees are not aware of—or fail to follow—security protocols such as password authentication.

What causes shadow IT?

Employees tend to engage in shadow IT so that they can bypass the often slow and bureaucratic security policies created and enacted by the company's IT department. But there are myriad causes of shadow IT, which can include: 

1. Staff are frustrated with IT services


Many employees turn to shadow IT out of frustration. This can happen when:


  • An IT department is too slow to action service requests
  • An IT department is hindered by legacy software that doesn't have the needed functionality
  • An IT department isn’t providing modern solutions to the problems 

But sometimes, the causes of shadow IT can fall on inaction by the finance team as well.

2. The business or finance team has not set a clear IT expense policy

Many companies will have a budget set aside for software that fits the needs of each department. Unfortunately, some businesses lack an open policy that regulates how employees purchase and use devices and third-party apps. Others may have policies that are too strict, where they restrict access to useful solutions. This can bury the IT and accounting department in requests, approvals, and busywork. Along with these points, if there is oversight in creating an expense policy for IT, the following can happen:


  • Budgets get misused since there aren’t clear policies established. 
  • Businesses can face a surge in unapproved software 
  • IT becomes consumerized in a way that makes shadow IT more attractive to employees. 

3. Sign-offs and reimbursement are chaotic


Chaotic expense policies and reimbursement policies can be just as problematic as non-existent ones. If it’s too hard for a self-starting employee to get approval for a useful solution, then they’re going to take matters into their own hands. This can create a big issue for finance teams, where shadow IT casts an ever-growing darkness over expenditure that just can’t be seen until it reaches a crisis point. 

4. Finance lacks control over IT spending


When employees are unsure if there are funds to pay for a new computer or other necessary expenses, employees will look for other options— and this can lead to maverick spend. Without a solid expense policy, or dedicated spend management solutions, staff have no idea if security devices or software applications are approved. 

Examples of shadow IT

A common example of shadow IT is when employees buy devices or software for work that are not approved by the company expenses policy. Other examples of shadow IT include the unapproved purchases of:


  • physical devices such as flash drives
  • personal messaging apps on work devices
  • productivity apps like Asana
  • and other cloud-based services


Shadow IT increases the risk of sensitive commercial data getting into the wrong hands, either through information-gathering activities in the background of apps, or through the obtaining of information by unauthorized employees within a network. Shadow IT represents a problem for all departments and should be tackled through proactive policy and practice-setting led by both the finance and IT departments.

How to reduce shadow IT and control spend in 5 steps

The good news is you can get shadow IT under control. And with more of your employees working from home and looking to find new ways to drive projects forward and maintain their productivity, it's more important than ever to address shadow IT early.

Step 1: Educate your employees about shadow IT


Shadow IT is a problem that can only be solved by employee education and awareness. Tell your teams about the risks associated with shadow IT by training them on security best practices. You can also:


  • Ask employees to disclose the external solutions they are using to handle company data
  • Task IT with establishing security protocols for the use of these applications
  • Continuously monitor the use of these resources across the organization


Education will be far more effective than criticism, because after all, shadow IT users have genuine motivations. They just want to get their work done faster and more efficiently.

Step 2: Implement spend management automation


Left unchecked, shadow IT can be a tough process to wind back. Without digital spend management and oversight, it's practically impossible. Armed with the right software program, IT departments and finance teams can dramatically cut instances of shadow IT, by automating expense approvals and reporting. 

Step 3: Set category spending limits in IT


Guardrails on IT spending can help too. For example:


  • Give your employees the guardrails to buy and use only the very best tools for the job
  • Restrict card spending to certain merchants or SaaS companies
  • Cap purchase volumes in categories like SaaS, computer hardware, and apps


And don’t worry. Setting category spending limits is not about putting a brake on employee productivity or problem-solving. It’s about ensuring the right resources are used by the right people.

Step 4: Automate IT expense reconciliation


Expense reports take forever and are prone to errors. This is why instant reconciliation is a must-have, especially if it’s able to automatically collect, match, and categorize paper receipts in real-time.

Step 5: Transform IT reimbursement


Paying employees back for business-related expenses has always been a slow and cumbersome process. In fact, it’s one of the main drivers of shadow IT. Often, employees would rather power ahead, buy what they think they need, and ask for forgiveness or permission after the fact. 


But now, you can streamline reimbursements by giving employees corporate cards like Ramp that are easy to customize with category limits, spending limits, and merchant limits too.

Bringing shadow IT into the light

When employees use software your IT department isn't aware of, it opens your business up to security risks and opens you up to zombie spend. Anyone who tells you that shadow IT is an easy problem to solve is not giving you the full picture. 


While it can’t be eliminated, it can be radically reduced. You can educate staff, trust them and then verify their commitment by monitoring the expense reports and corporate credit cards given to anyone in the organization. Years ago, that would be a mammoth task. Today, modern spend management tools like Ramp have made shadow IT a far more manageable threat.


Are you ready to reduce the risks of shadow IT with better spend management? Get started with Ramp today.


Learn how Ramp strengthens your finances

Error Message
No personal credit checks or founder guarantee.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
The Ramp team

More Resources
View All
No items found.
View All
FAQs
Meet our customers

How we helped Sandboxx replaced Amex, Expensify, and Bill.com with Ramp

How we helped SwagUp save over $30k in SaaS spend

How we helped Fi scale its finance function

Marqeta closes its books 88% faster with Ramp + Sage

How Long Meadow Ranch got on top of its multi-entity spend

How we helped New Way Landscape remove bottlenecks and Expensify

How we helped Walther Farms switch from Expensify to close its books 10x faster

Learn more about Ramp

Streamline approvals.
Review requests, pre-approve expenses, and issue general expense cards in a few clicks – or directly in Slack. Delegate approvals and empower your team leads to spend on the things they need and control their team’s expenses.
Learn more
Issue instant cards.
Unlimited virtual and physical cards with built-in spend limits, instantly available for everyone in your team. Define spend rules and let your smart cards enforce your policies automatically. No more surprises or under-the-radar spending.
Learn more
See spend as it happens.
Stop waiting on monthly statements or manual spreadsheets. Find, browse, and download real-time transactions from any employee, department, or merchant – on any device.
Learn more
Close your books 5x faster.
An accounting experience by finance teams, built for speed and efficiency. Automate manual processes and start enjoying instant reconciliation – Ramp does all the heavy lifting.
Learn more
Trim wasteful spend.
Ramp analyses every transaction and identifies hundreds of actionable ways your company can cut expenses and alerts your team via email, SMS, or Slack. It’s like having a second finance team, laser-focused on cutting costs.
Learn more
Consolidate reimbursements.
Ramp makes it easy to reimburse your employees for any incidental out-of-pocket expenses. Review, approve, and pay employees back for anything that didn’t make it onto a card with the rest of your Ramp transactions.
Learn more