Exploring Digital Transformation, SaaS Security, and the Impact of Shadow IT
The Intersection of Digital Transformation and Shadow IT
Digital transformation is already well underway and has made employees more software-savvy than ever before. Marketing, HR, and sales use nearly as many applications as any tech department. Other lines of business now provision and manage more apps than the IT department (56%), growing by around 4% yearly. There are clear advantages to agile, distributed IT environments, including greater engagement and productivity. However, a decentralized IT environment could do more harm than good without the right Software Asset Management technology. Research by Gartner suggests that companies without centralized SaaS management are five times more vulnerable to cyber incidents or data loss. For companies committed to scaling digital transformation efforts, mitigating the risk of applications lurking in the shadows is a must.
What do we mean by “digital transformation”? According to McKinsey, digital transformation is a “fundamental rewiring of how an organization operates” with the goal of utilizing new and relevant technology in all areas of business, at scale, to stay competitive and enhance both productivity and efficiency.
Welcome to Part 1 of our shadow IT series! In this article, we’ll explore the benefits of digital transformation, the key dangers of unmanaged applications, and the characteristics of the modern workplace that allow shadow IT to flourish. In Part 2, we’ll look at strategies to illuminate shadow IT and the benefits of making room for Business Managed Applications.
Read more from our recent SaaS series here:
The Shadow of Digital Transformation
The use of innovative technology enhances productivity and increases efficiency through creative ways of solving problems with software and automating mundane tasks, freeing people to ideate and innovate. Engaged employees are 87% less likely to leave their current jobs for greener pastures.
According to Gartner, 91% of businesses are engaged in some form of digital initiative, and 87% of senior business leaders say digitalization is a priority. But digital transformation also has a shadow. It inevitably leads to flexible and fast acquisition of new software that IT may not always have visibility of. To experience the full benefits of digital transformation, companies must mitigate the risks of shadow IT.
The Perfect Storm for a Thriving Shadow IT Environment
There are clear upsides to embracing new methods of acquiring and using software, but there are also downsides to having a large library of unmanaged SaaS applications. Modern workplaces create the perfect conditions for shadow IT to flourish. Let’s explore a few.
Ease of Access: Shadow IT flourishes because it’s just so easy. As an employee, if you’re given a new task that requires new skills, a SaaS application that can support you is literally just a click away. This has its positives (i.e. Creativity, increased productivity, heightened role responsibility, efficiency), but it’s an obvious reason why shadow IT infrastructures are exploding.
Remote Work: Shadow IT usage has increased by 59% because of remote work. Remote work increases the size of a company’s shadow IT infrastructure for several reasons. First, see above: ease of access. When working from home on a laptop, it’s just quicker and easier to trial a new software without running it by anyone. Second, there’s the psychological impact. Most people are naturally more cautious about what they download, open and use on their work computers. However, when the line between work and home blurs, and many employees use their laptops for both personal and work-related matters, it’s easy to view that new SaaS app as harmless.
Lack of Communication and Collaboration: In an ideal world, companies could have the best of both worlds. Departments would be free to provision their own software, but they would also stay in regular communication with their IT department, keeping them up to date on any new additions and enabling these new apps to be onboarded and managed appropriately. In an even more ideal world, this would be a formality to make things easier because IT would immediately detect new SaaS apps with their advanced SAM technology.
But in the real world, busy schedules and higher priorities mean that this doesn’t happen. Shadow IT thrives in environments where communication and collaboration is low. This contributes to important stakeholders being left in the dark and being forced to catch up or engage in guesswork to hunt down and manage new applications.
This also works both ways. It’s unfair to expect employees to really grasp the risks of shadow IT, company policy towards Business Managed Applications, and best practice for software provisioning if the IT and security departments don’t engage in open and frequent communication with other stakeholders. All in all, siloed organizations with unclear policies and low communication are a breeding ground for shadow IT mishaps.
Inadequate SAM Tooling: Employees will continue to utilize new SaaS apps, hybrid/remote work is here to stay, and even with the best communication, collaboration, and IT governance, you can’t catch ‘em all. And honestly, the IT department shouldn’t have to! The existence of shadow IT is not an indication of failure on the part of the IT department, it’s an indication that the software landscape is changing, and Software Asset Management needs to keep up. Human error necessitates that some applications fall through the cracks.
Relying on IT staff alone to manage SaaS sprawl, shadow IT and the spend and security implications of it is not only unfair and unwise, but frankly, impossible. SaaS sprawl and shadow IT are modern problems that require modern, innovative technology. That’s why modern businesses don’t leave the control of their IT environments up to chance. They use a SAM platform to control it for them. A SAM platform designed to address the challenges of modern IT environments can detect and manage shadow IT installations instantaneously, regardless of the quality of shadow IT policies or the standards of communication and collaboration in an organization. With a tool like this, the full potential of digital transformation is accessible, and the risk of unmanaged applications is covered.
The Cost of Shadow IT: What You Don’t Know Can Hurt You
IBM defines shadow IT as the installation and use of applications without the approval or oversight of the IT department. Most organizations struggle to achieve visibility of their software environments, and shadow IT only worsens the challenge.
While it facilitates an agile work climate, shadow IT causes decentralization that increases blind spots within the IT environment and puts businesses at risk of regulatory failures and licensing non-compliance. A recent study by Entrust found that 77% of IT professionals are concerned about the impact of shadow IT, and for good reason.
1. Unmanaged Spend
Unknown software increases unmanaged spending across the organization as costs are often hard to track and may not align with an organization’s software budget. Gartner estimates that shadow IT spending accounts for 30-40% of total IT spending in large organizations, while Everest Group puts estimates as high as 50%.
If 30-40% of enterprise software spend is on unmanaged apps, and research shows that half of all SaaS licenses are unused. 15-20% of shadow IT spend could be cut along with spend on all other underutilized SaaS licenses simply by having visibility into: a) All SaaS apps in an IT environment, including shadow IT, and b) Data on actual consumption of those apps.
Most companies are missing out on significant cost savings because of the latter. Even if they have a Software Asset Management platform that recognizes some of their SaaS, it doesn't provide them with insight into actual usage. This goes to show that the software has evolved , and most SAM platforms are racing to catch up. But not all.
"If Teams were running in the background all day, other platforms would’ve told us that it was being used all day. With Xensam we can drive significant cost savings by tracking how much applications are actually being used.
With Active Usage, we discovered that some specifically requested applications had actually been used for a grand total of 2 minutes!
Before, we knew what we had and where it was, but not if it was being used. We searched the market, and there was no other platform that could provide use with information on actual application usage down to the minute like Xensam.”
- Isle of Wight NHS
2. Unmonitored Security
Nearly 75% of IT leaders say security is their top concern regarding SaaS sprawl and shadow IT, and rightfully so. Over the past two years, more than half of security executives report dealing with a SaaS-related security incident. These incidents can be costly to both money and time resources. Businesses lose an estimated 1.7 trillion annually from data loss and downtime costs from security breaches related to shadow IT.
With SaaS applications, direct monitoring of the security practices of the vendor is not possible, which can lead to data leakage, poor access controls, insecure integrations, regulatory gaps, and data privacy risks. This downside is particularly relevant given that 78% of organizations store sensitive data in SaaS applications.
Clearly, there’s a big need for more visibility into SaaS applications. If employees are using new software, and storing sensitive data in that software, it’s crucial that IT and security departments remains in the loop to do proper due diligence on software vendors to prevent potential security nightmares.
3. Uncontrolled Compliance
Compliance is the cornerstone of Software Asset Management. While SaaS provides ease of use and flexibility to end-users, ensuring compliance isn't such a breeze. Nearly 8 in 10 enterprises report that software compliance issues have either increased or remained the same after moving to the cloud. The complexity of SaaS and cloud license management is evident in the purchasing and renewal process.
When overseen by IT, the average SaaS buying process takes about 100 days, while renewals take 60 days end-to-end. This results in 385 hours spent on SaaS purchase and renewal meetings per year. That means the responsible employees would spend 61% of their total working days being involved in software contract management processes alone.
When the demands of day-to-day business necessitate a quicker approach to software provisioning, it’s possible that more nuanced security and compliance points might slip past untrained eyes and open the door to potential license compliance violations. Managing known licenses is hard enough, and unmanaged licenses increase the risk of contractual violations related to consumption, unlicensed feature usage, unpaid user access, and more.
Conclusion
The software landscape has evolved to a place where decentralized IT environments are the norm, and other departments provision more software than IT departments do. With digital transformation set as a firm goal for modern enterprises, companies need to find a modern solution to maximize the benefits of agile software use while balancing the risks of totally unmanaged applications. Ease of access to SaaS, hybrid and remote workforces, siloed teams, and inadequate SAM tooling create the perfect storm for shadow IT to flourish. While this creates significant financial, regulatory, and security risks, there is a simple, innovative solution to shadow IT control: a SAM platform designed for the modern era.
In Part 2 of this series, we’ll cover the cautionary tale of ChatGPT, strategies to illuminate shadow IT, and practical ways to embrace digital transformation and make room for business-managed applications.
Have any more questions about shadow IT? Submit them to What the FAQ here >>
Xensam has been named #1 Highest Growth in the inaugural Main Software 50 Nordics Awards.
This mid-size US company saved $100K on software licenses with Xensam’s software utilization data and improved software budget cyc
This webinar focuses on how IT leaders can effectively tackle IT budgets to support organizational goals, communicate business nee