
Shadow IT in Practice: How 100+ IT Professionals Adapt, Respond, and Redefine Control

Kandji Team

Shadow IT has always been a loaded term, typically implying rule-breaking, risk, or lack of control. But the reality is more nuanced. When we surveyed 115 IT professionals, what we found wasn’t a story of defiance. It was one of friction.

Shadow IT often emerges not because people are ignoring policies, but because they're trying to move faster than those policies allow. And in that gap (between what users need and what IT is ready to approve) you find opportunity. Opportunity to engage, to improve visibility, and to evolve processes.

Our survey was designed to understand how Shadow IT actually shows up in modern organizations: where it's happening, what's driving it, and how IT teams are responding. What emerged is a clear signal:

Shadow IT isn’t a threat to clamp down on. It’s a conversation waiting to happen.

Who We Heard From

Our respondents spanned a wide range of industries and company sizes, but they shared one thing in common: they’re the ones closest to the work.

  • 45% identified as IT admins 
  • 42% were IT managers or directors
  • 8% were security/compliance professionals

The majority came from mid-sized organizations (101–500 employees), though large enterprises and smaller teams were also well represented.

This was not a theoretical sample. These are the people on the front lines of device management, procurement, policy enforcement, and user support.

Why Shadow IT Happens

When we asked IT professionals why employees use unauthorized tools, the responses challenged the traditional framing of Shadow IT as rebellion. Instead, it looks a lot more like unmet needs:

  • 72% said it’s caused by lack of policy awareness
  • 59% said users prefer familiar tools
  • 49% pointed to speed and efficiency
  • Another 49% highlighted provisioning or onboarding gaps

Reading between the lines of open-ended responses, we found telling explanations:

  • "When they are aware of policy, it is a desire to avoid asking or working with IT, in order to avoid an answer of no or in their perspective, avoid complexity."
  • "It's easier to ask forgiveness than wait for approval."
  • "End users wanting the latest thing."

Our takeaway is that most shadow IT isn't adversarial. It's users working around slow or unclear processes to do their jobs better. That means the solution isn't stricter control; it's designing systems that don't get in their way.

What Shadow IT is Costing Teams

Yes, shadow IT introduces risk. But the impact goes far beyond security breaches or noncompliance.

  • 75% said shadow IT poses a security threat
  • 74% were concerned about data leakage
  • 57% called out overspending on unused or duplicate tools
  • 55% flagged audit failures
  • 29% noted interoperability issues

Even more revealing: only 18% of IT pros said they have full visibility into which apps employees are using. Nearly a third (30%) acknowledged major blind spots.

Beyond visibility, several respondents pointed to direct financial impacts:

  • Shadow IT tools often show up in monthly reconciliation reports
  • Expense reports reveal unauthorized purchases after the fact
  • Some teams only become aware when vendors reach out for enterprise-level payments

Shadow IT is a visibility problem first, but it quickly becomes a financial one. The hidden cost of untracked software adds up, exposing inefficiencies not just in security posture, but in spend management and procurement.

The Rise of AI Tools in Shadow IT

There was one category of tools that came up more than any other in open responses: AI.

Whether it's ChatGPT, browser extensions, note-taking apps, or meeting recorders, 44% of respondents pointed to AI tools as the most common form of shadow IT in their organizations.

That's not surprising. AI tools are easy to access, hard to monitor, and often operate in gray areas of policy. They're fast-moving, viral, and in many cases, genuinely helpful, which is exactly what makes them hard to manage.

AI is now the frontline of shadow IT. If you don't have a clear policy for AI usage, you already have a shadow AI policy—you just didn't write it.

How IT Teams Are Adapting

We wanted to know how IT teams respond when shadow IT surfaces and whether they see it as something to shut down or something to work with.

Here’s what they told us:

  • 68% said they respond based on context and the tool in question
  • 48% try to find a compromise
  • Only 9% go with a blanket denial

This reflects a shift from reactive enforcement to more thoughtful decision-making. And many teams are backing that up with real process:

  • Short-term exception approvals
  • Data protection and impact assessments
  • Business-case review flows

Instead of defaulting to "no," the best IT teams are designing decision paths that scale. As one respondent shared, "We allow employees to put tools and apps through our procurement process so they get a fair chance."

What’s Working in Managing Shadow IT

So what's actually making a difference? Respondents shared the tactics that help them stay ahead of shadow IT:

Visibility and monitoring tools:

  • "Using tools like Zluri"
  • "Endpoint monitoring for traffic, apps"
  • "OAuth signature discovery tools (Nudge Security)"
  • "We enabled Gatekeeper and that has stopped all unapproved installs"

Process improvements:

  • "A process for requesting and working through approving Applications"
  • "Creating a healthy relationship with the business where employees feel supported"
  • "Having a robust & easy software approval policy"
  • "Proactive controls. Socialisation of process."

Communication strategies:

  • "Openness and honesty. We treat our employees as adults"
  • "Communication and Auditing"
  • "Talking with teachers to see what their needs are"
  • "Creating a sanctioned alternatives catalog"

But not everyone has figured it out:

  • "We have not addressed it yet"
  • "This problem was never addressed"
  • "We're waiting on leadership for a real policy"

The most effective teams combine monitoring with communication, documentation, and shared ownership. Technology helps, but culture closes the gap.

Embracing Shadow IT as Feedback

Perhaps the most significant finding from our survey is that shadow IT often reveals process gaps that lead to meaningful improvements.

Nearly half (49.6%) of respondents reported that shadow IT had revealed process or policy gaps that prompted changes in their organization.

Another 25.7% recognized gaps but haven't adapted yet.

If Shadow IT keeps showing up, it might not be a problem to control. It might be a message you need to listen to. Every unauthorized install represents an opportunity to ask:

  • Why wasn't this tool available through sanctioned channels?
  • What friction in our approval process led to this workaround?
  • Which user needs aren't being met by our current toolset?

From Policing to Partnership

Shadow IT isn't going away. If anything, it's becoming more complex—as AI tools proliferate, as teams adopt new workflows, and as users continue to expect flexibility.

But what our survey surfaced is clear: the real challenge isn't just unapproved tools. It's unexamined processes.

IT teams that treat shadow IT as feedback rather than failure are better positioned to adapt to changing technology landscapes. This means:

  1. Building friction-free processes that make compliance easier than workarounds
  2. Creating sanctioned alternatives catalogs that satisfy user needs while maintaining security standards
  3. Implementing continuous discovery tools that provide visibility without punitive consequences
  4. Establishing evaluation frameworks that can rapidly assess and onboard valuable new tools

The most telling statistic?

Only 9% of organizations outright deny requests for unsanctioned tools, a dramatic shift from IT's historical stance. Today's IT leaders recognize that their role isn't to be the "Department of No" but to be strategic partners in enabling secure, productive work.

So the next time an app shows up outside your sanctioned list, don't just block it. Start a conversation. Ask what problem it's solving. Then ask whether your current systems are solving it too.

Because shadow IT isn't a threat to avoid. It's a signal to evolve.

This article is based on survey data from 115 IT professionals across various organization sizes and roles, collected by Kandji in 2025.