Many companies face a growing obstacle in the course of digitalisation. Although employees are provided with all the IT resources they need to do their work, many use their own systems instead, because these are already familiar to them or simply more convenient. Such technologies are often cloud or online-based IT systems such as Dropbox or AWS. And that is where the problem starts: a shadow IT emerges, which brings many risks and security pitfalls.

What exactly does the term “shadow IT” mean?

Shadow IT is the unauthorized use of unofficial secondary systems that employees use in addition to, or even instead of, the company's in-house IT solutions. Employees are easily won over by simple handling or an attractive design, and forget to consider the risks involved. What is often not clear to the workforce is that unofficial apps for project management, data sharing, or even note-taking also fall under the concept of shadow IT.

Reasons for the emergence of a shadow IT

But how does a shadow IT come about in the first place? What leads people, at home and in the office, to use unofficial IT resources?


The emergence of a shadow IT is frequently rooted in the workforce's desire for comfort and convenience. New systems, or IT resources that differ between home and the workplace, are a thorn in the side of many employees, since they usually involve greater effort. Because people are naturally inclined towards convenience, many employees justify the use of company-external IT systems with the handling they already know or the supposed time savings.

High complexity of company tools

Especially when the company has recently introduced new IT resources, many employees feel trapped by the complexity of the new systems. To avoid the tedious and often lengthy process of learning new IT solutions, they often simply resort to their own programs.

Mobile devices

Mobile devices such as tablets or the classic smartphone also lead employees to use familiar tools at work and to use the IT systems integrated on these devices for company purposes.

Shadow IT also possible in the home office

In addition, employees often find the company's IT so cumbersome that they use their own IT at home as well. This can happen, for example, when the enterprise uses Lotus Notes instead of MS Office. The consequence: employees send documents to their private PC, process them with MS Office and then send them back to the company PC, or they use WhatsApp for communication during working hours.

Risks of Shadow IT

Employees often disregard the dangers of this approach, in the home office as well as in the workplace itself, or are not even aware that they are doing anything wrong.

Difficult data management

When each employee manages their work and the related data and information in a different IT resource, the IT department, whose task is to consolidate all data assets, easily loses track. Data from different systems is difficult to combine and analyze. This can eventually lead to patchy data management, in which important information is lost or becomes worthless.

Loss of control of the IT department

Ultimately, with difficult or incomplete data management, IT processes can no longer be traced at all. This can result in the IT department losing control entirely, which slows down processes and systems in the company or makes them unworkable.


General IT security can also be exposed to high risk through the use of shadow IT. External IT resources often have weak points that the employee is unaware of. This makes it much easier for hackers and cybercriminals to get into the company and steal important data.

Risks of a Malware Attack

In addition, online-based IT resources in particular are at risk of malware attacks. Malware can be injected into company-internal processes through nothing more than an update of such a web service.


Last but not least, major problems can arise with regard to the recently introduced EU GDPR. The new regulation requires companies to maintain the security of customer data. In the worst case, employees release data outside the company through the unofficial use of a shadow IT, resulting in compliance violations of the EU GDPR.


However, there is no general, easily transferable solution for eliminating a shadow IT in the enterprise. Instead, companies should take care to support their employees as well as possible in learning new technologies. It is also advisable to provide employees with tools that are as easy to understand as possible, rather than relying on complex systems. It also makes sense to involve the workforce in the selection of suitable IT systems, thereby ensuring that the new technologies are practical. For this, it is important that the IT department and the staff are in constant contact and exchange with each other, so that the desire to use unauthorized IT programs does not arise in the first place.


I blog about the impact of digitalization on our working environment. For this purpose, I present content from science in a practical way and show helpful tips from my everyday work. I am a manager in an SME myself and I wrote my doctoral thesis at the University of Erlangen-Nuremberg at the chair of IT Management.
