In the not-too-distant past, Shadow IT was a fairly straightforward problem. IT was solely responsible for managing business tools, and apps not managed or owned by IT (AKA Shadow IT) created fragmentation and posed a security threat. So IT tamped down on them.
Today, the issue of Shadow IT is much less clear-cut. Software-as-a-Service (SaaS) applications are readily available and easy to install, which makes it difficult for IT to enforce consistent governance policies. Yet most employees who adopt unsanctioned tools do so with the intent of increasing their productivity — not to undermine the efforts of their IT team.
With this in mind, we were curious about the current state of Shadow IT in company application portfolios. We wanted to quantify the impact, so we dug around in Productiv data, analyzing hundreds of instances and tens of thousands of SaaS apps.
Here are our findings: 5 Shadow IT stats we think businesses should keep in mind as they evaluate IT priorities for 2022.
5 Shadow IT stats that businesses should know
1. Shadow IT makes up the majority of the app portfolio
In 2020, 52% of business applications were Shadow IT. In 2021, the number of apps not managed or owned by IT grew to 56% (an increase of 8%).
It’s predictable that companies would see an increase in Shadow IT over the last year, considering the rise of hybrid and remote work options. Many remote employees are trying to maximize their productivity, and it’s easier to search for and select apps as the need arises rather than wait for IT’s approval and support.
But companies may be surprised to discover that Shadow IT now accounts for more of their app portfolio than tools sanctioned by IT. This stat sums up how easy it now is for employees to sign up for business tools that become — you guessed it — Shadow IT.
2. Small businesses have more Shadow IT
Companies with fewer than 500 employees have a larger percentage of Shadow IT apps in their portfolios compared to larger companies.
How much larger? For midsize and large companies, Shadow IT apps make up 52% of portfolios. Small companies, on the other hand, average app portfolios with 68% of tools that are Shadow IT.
This makes sense, since smaller businesses are more likely to have younger and faster-evolving application portfolios. Small companies are also more likely to allow business units to seek out the tools they need to be their most productive.
3. Shadow IT has higher employee engagement
Employee engagement across IT-owned applications is surprisingly low, with just 40% of licenses seeing regular usage. But our analysis reveals Shadow IT apps see significantly higher usage among employees, with an average engagement rate of 54%.
This suggests employees are more likely to use the apps they select for themselves compared to IT-managed tools. That being said, IT-managed apps typically include birthright apps that may be for security or operational purposes. Some of these tools run in the background and may not be intended for regular employee use.
Note: To analyze app engagement, we measured how employees were engaging with apps at the feature level across a 60-day period of usage.
4. Shadow IT has fewer compliance certifications
We looked at how apps meet seven common compliance certifications: CCPA, FedRAMP, GDPR, FISMA, ISO27001, SOC2, and Swiss-US Privacy Shield. Based on our analysis, 83% of apps had three or fewer compliance certificates.
The data was even more stark when we zoomed in on Shadow IT. Apps not managed by IT averaged just 2.3 compliance certificates (compared to the 3.9 average of IT-owned apps).
In other words, many apps may not be meeting compliance standards. That’s a problem, since compliance standards are established by IT and security teams to minimize security risk surface. And IT can’t audit the compliance of apps it doesn’t know about.
The lesson here: Keeping an eye on Shadow IT is just as important, if not more important, than managed applications.
5. Shadow IT can lead to duplicate apps, higher spend, and lower productivity
Based on our data, companies now average around 142 Shadow IT apps in their portfolios.
This can be problematic on two fronts. First, it’s extremely challenging to keep track of Shadow IT apps. IT doesn’t know when apps purchased by business units have overlapping functionality or are redundant to other tools deployed within the business.
Second, companies with a high number of Shadow IT apps face unregulated spend. Businesses are often in the dark about which apps they’re paying for and whether those tools are actually being used. As a result, it’s difficult for IT to accurately manage SaaS spend and to approach renewal conversations armed with the right information.
Also worth noting is the impact Shadow IT has on your employees. A chaotic app portfolio increases the likelihood of information silos and communication issues. Ultimately, this affects your employees’ ability to collaborate and be productive.
How can you apply these findings to your company?
Your business can take a number of steps right away to better manage Shadow IT (while still encouraging employees to explore and leverage new tools). In particular, we recommend:
- Getting a handle on all of the SaaS apps you currently use
- Working to understand how your employees are using SaaS apps
- Being on the lookout for apps that can be consolidated
- Tracking the compliance of your apps and leveraging SSO when possible
You can also use Productiv’s SaaS Management Platform (SMP) to simplify and easily manage your complex SaaS portfolio. We do it all — give you visibility into your entire portfolio, help you proactively track Shadow IT, tell you how employees are using apps, enable you to compare tools with similar functionality, allow you to monitor app compliance, and more.
Check out all of our Shadow IT stats and other findings about business SaaS portfolios in our new data eBook, The State of SaaS Sprawl in 2021.