The gap between the business and the traditional IT department is widening. With ever-increasing pressure to perform, employees, frustrated by rigid organizational structures, are circumventing the CIO organization to achieve their own IT outcomes.
This is known as “Shadow IT.”
Shadow IT is not a new concept, IT departments have despaired for many years at staff and department who download and install their software to get the job done. The recent explosion in Shadow IT though, has been dramatic because of the rise of SaaS applications.
It occurs most often when employees or teams decide they need to use a file-sharing application, social media platform, or collaboration tool that is not required for the entire company. For example, a marketing team may decide to use Dropbox or Box for file-sharing, without telling the IT department.
CEB estimates that 40% of all IT spending at a company occurs outside the IT department. Of course, the costs of Shadow IT go far beyond license costs. A recent study from EMC suggests that data loss and downtime cost a total of $1.7 Trillion each year.
To better help you understand the financial impact of Shadow IT, here are all the different ways that Shadow IT can cost your organization.
Security and Data Breaches
We’ve written before about the top Shadow IT security risks in 2020. Two of the dangers we outlined was ransomware attacks and data breaches.
The average cost of ransomware attacks in the fourth quarter of 2019 reached $84,116 – reflecting a staggering 104% increase from $41,198 in Q4 2018, a report from cyber incident response firm Coveware has found.
That’s just a ransomware attack. In the US, a data breach costs a company on average $8.19 million, an increase from $7.91 million in 2018, and more than twice the global average. The cost per breached record, $242, is steeper too.
Unused Software Licenses
According to a study from 1E, US organizations wasted $30 billion—yes, billion—on unused software over four years.
1E’s study focused on the US and UK, and it found that approximately $34 billion in yearly licensing waste is generated. 30% of applications go entirely unused, and a further 8% are used less than once a month.
Duplicate Software Licenses
When we talk about redundancy or duplicate apps, we are considering how many different email, file sharing, sales and marketing automation, project collaboration, messaging, and other cloud capabilities are being used.
It’s easiest to illustrate the cost of this with an example. Let’s say your organization has 200 employees with one department of 100 employees who prefer Slack over Rocketchat and another department of 100 employees who choose a to use the duplicate Rocketchat app.
Your organization is paying $12,000 for 100 employees who use Slack and $24,000 per year for those who use Rocketchat. That’s $36,000 per year for 100 people to use their preferred internal communications tool.
There’s also the cost of providing access to all these shadow apps and services, which can result in network congestion, excessive mobile data charges and lost productivity as business users are forced to provide their own technical support. We can lump all of these costs under the umbrella of “network costs.”
The existence of Shadow IT should be a prime concern to all companies looking to become GDPR compliant as its existence endangers the security of sensitive data vouchsafed under the new legislation.
Organizations found to be violating the core principles of the GDPR can incur fines of up to €20 million or 4% of global annual turnover for the preceding financial year, whichever is greater.
The list of costs goes far beyond the five listed above. Usually, business teams won’t have the capability to run new services from an operational perspective and will look to pass them to IT.
Uncovering and eventually eliminating Shadow IT will, for most organizations, be a long and painstaking process. But it is one they must embrace and execute as thoroughly as possible. Only then can the risks and costs outlined above be eliminated permanently.