
Shadow IT


Shadow IT is a term often used to describe information-technology systems and solutions built and used inside organizations without explicit organizational approval. It is also used, along with the term "Stealth IT", to describe solutions specified and deployed by departments other than the IT department.

Shadow IT is considered by many to be an important source of innovation, and such systems may turn out to be prototypes for future approved IT solutions. On the other hand, shadow IT solutions are not often in line with the organization's requirements for control, documentation, security, reliability, etc., although these issues can apply equally to authorized IT solutions.

It is a term used in IT for any application or transmission of data, relied upon for business processes, which is not under the jurisdiction of a centralized IT or IS department. The IT department did not develop it, or was not aware of it, and does not support it. This increases the likelihood of ‘unofficial’ and uncontrolled data flows, making it more difficult to comply with the Sarbanes-Oxley Act (USA) and many other compliance-centric initiatives, such as:

Some examples of these unofficial data flows are USB flash drives or other portable data storage devices, MSN Messenger or other online messaging software, Gmail or other online e-mail services, Google Docs or other online document sharing, and Skype or other online VoIP software, as well as less straightforward products such as self-developed Access databases and self-developed Excel spreadsheets and macros. Security risks are introduced when data or applications are moved outside protected systems, networks, physical locations or security domains.

A 2012 French survey of 129 IT managers revealed some examples of shadow IT:

Another study found that greynet, content apps, and utility tools are the most used shadow systems in organizations. However, CIOs vastly underestimate the extent of shadow IT.


Wikipedia