How Shadow IT Harms Organizations IT needs real-time visibility into end-user behavior to protect against threats such as data leakage, malware infections and account takeovers. When shadow IT takes place at scale, it introduces significant risk. Shadow IT is to blame for expanding attack surfaces and costly security incidents. In a recent Red Canary report, 73 percent of security leaders said their attack surface has widened by an average of 77 percent in recent years. In addition, 87 percent of respondents said they had a security incident in the previous 12 months that they were unable to detect and neutralize before it caused a negative impact. At the same time, shadow IT is highly resource intensive. Companies often allocate a sizable portion of their technology budgets to shadow IT in the form of duplicate accounts and unnecessary licenses. IT workers also typically spend a significant amount of time detecting and enforcing shadow IT, which creates time waste and pulls them away from higher-value tasks. And shadow IT is accelerating, with Zendesk reporting that shadow AI usage has increased by as much as 250 percent year over year in some industries. Gartner predicts that 75 percent of employees will acquire, modify or create technology outside of IT’s visibility by 2027. The issue is also becoming more complex, with workers now using a variety of AI-driven tools to streamline workflows and boost productivity – often with little regard for how they impact security. According to Microsoft, 78 percent of AI users are bringing their own AI tools to work, in a trend known as bring your own AI (BYOAI). Meanwhile, 52 percent of people who use AI at work are reluctant to admit using it for their most important tasks. Looking ahead, shadow AI is bound to get worse as we transition into the agentic AI era, or the “third wave of AI,” and a new class of productivity tools become available to workers. It’s important to keep in mind that shadow IT is a policy-related issue. Today there are a wide range of solutions for mitigating shadow IT, including endpoint detection, security information and event management (SIEM) and data loss prevention (DLP), among others. But while these services can help detect unsanctioned technology usage and protect assets, they all fail to address the underlying issue: When IT fails to meet workers’ needs, employees will likely go rogue and acquire tools on their own. This is the root cause of shadow IT, and it will always persist regardless of what technology you throw at it. Partnering for Success Faced with the realization that shadow IT isn’t going away, a growing number of technology leaders are abandoning command and control management. Instead, they are partnering with business units to understand their technology needs more closely and improve visibility and collaboration. This shift aligns with a broader business trend that has been picking up steam in recent years. O.C. Tanner found that command and control leadership practices contribute to a 43 percent decrease in overall employee experience, as well as a 42 percent decrease in workers’ sense of opportunity. Companies with traditional command and control leadership are also 84 percent less likely to increase revenue. Attempting to place an outright ban on shadow IT wastes resources and positions IT as a barrier to success instead of a trusted ally. Leaders that The Differences Between Shadow AI and Shadow IT Shadow AI Shadow IT Definition Use of AI tools and technology without IT or data governance team approval Use of unapproved IT software, hardware, or infrastructure on an enterprise network Adoption Adopted by individual employees seeking to improve productivity and tool convenience Adopted by employees or teams to address IT challenges in real time Government and Compliance Lacks IT or data team oversight and control Lacks larger IT or organization oversight Risks • Data privacy • AI model biases • Compliance violations • Lack of transparency • Data breaches • Regulatory non-compliance • Network security threats Cultural Impact Encourages innovation but risks inconsistency in data usage and decision-making Promotes agility but risks a fragmented IT environment and reinforced silos Example Customer service team uses an unapproved AI tool to analyze customer sentiment Employee uses an unapproved storage service to store and share work files Source: Zendesk Workers Using AI Tools Not Provided by Organization Generation Z 85% Millennials 78% Generation X 76% Baby Boomers 73% Source: Microsoft; LinkedIn 16 THE CHANNEL MANAGER’S PLAYBOOK
RkJQdWJsaXNoZXIy NTg4Njc=