Shadow IT has taken over 40% of total SaaS spend.
Shadow IT refers to all digital tools used in an organisation that aren’t approved by the IT or finance departments and represents 60% of your data breaches.
What most organizations don’t know is that it can be managed and actually used as an advantage.
What is shadow IT?
Shadow IT refers to any software, hardware, or digital service used within an organisation without the knowledge, approval, or oversight of the IT department.
This includes everything from the SaaS tool an employee signed up to with their work email to an entire team quietly adopting a project management platform nobody else knows about.
It's worth saying upfront: shadow IT is not necessarily malicious.
In most cases, it starts with good intentions. Someone needs to get something done, the official procurement process feels like it'll take three weeks, and a free trial is just one click away. So they sign up, it works, they tell a colleague, and suddenly half the marketing team is using a tool that IT has never heard of and finance isn't paying for, until they are.
The problem isn't the initiative or the technology itself; it's the invisibility.
When software enters the organisation through the side door, it brings questions nobody has answered:
- Is this tool secure?
- Does it comply with data regulations?
- Is the company already paying for something that does the same thing?
- And who's responsible if something goes wrong?
With SaaS spend management tools, shadow IT has become more visible rather than more common, highlighting just how widespread it already is across most organisations.

Shadow IT can take many forms depending on the organisation and team needs:
- A marketing team using an unapproved analytics platform to track campaign performance
- Employees storing company files in personal cloud storage like Google Drive or Dropbox
- A sales team subscribing to a CRM tool outside the official company stack
- Developers using external code repositories or AI coding assistants without approval
- Teams adopting collaboration tools like Slack alternatives without informing IT
- Individuals paying for SaaS tools using personal or company cards without procurement involvement
The problem is that it can start small, with a hidden tool here and there, but eventually the tools stack up and cause a huge drain, and no one quite knows when it began.
What causes shadow IT
Shadow IT is not random; it is usually a symptom of underlying organisational gaps. Once you understand what went wrong, you can address the issue head on.
One of the most common drivers is slow or rigid procurement processes. When it takes weeks or months to approve a new tool, teams will naturally look for faster alternatives to keep moving.
Another major factor is lack of awareness. Employees may not realise that using unapproved tools creates risks, especially when those tools feel harmless or widely used.
Tooling gaps also play a role. If the official tech stack doesn’t meet specific needs like functionality, usability, or performance, teams will feel the need to look for better options on their own.
There’s also a cultural element. Organisations that lack clear communication between IT and business teams often see higher levels of shadow IT. When employees feel that IT is a blocker, they’re more likely to bypass it.
Finally, the rise of freemium SaaS and AI tools has made shadow IT easier than ever. Anyone can sign up, start using a tool instantly, and integrate it into workflows without oversight.
Managing shadow IT
Shadow IT management should aim to maintain awareness of all tools in use, reduce risks, and create a system that involves all of an organization’s teams and departments in order to balance control and flexibility.
Many organizations believe that shadow IT should be nipped in the bud, but that isn’t effective or, quite frankly, realistic.
There are generally two schools of thought when it comes to shadow IT:
Anti shadow IT position
The traditional view sees shadow IT as a serious threat.
This is the perspective that considers shadow IT a security vulnerability that can cause compliance risks and data fragmentation.
In this case, shadow IT leads to uncontrolled costs and redundant subscriptions.
Organisations with this mindset tend to prioritise strict governance, centralised control, and limited autonomy.
Pro shadow IT position
A more effective approach is to work alongside shadow IT and take it as a signal of innovation and unmet needs. Instead of suppressing it, companies can learn from it.
Essentially, by analyzing what tools are being used without going through procurement processes, you can (in most cases) see what is missing in the current tool stack, and what tools aren’t meeting expectations.
This view also grants all teams and departments a level of experimentation, agility, and freedom.
The goal here is to work alongside shadow IT to channel it safely and strategically.
How to implement a shadow IT policy
An effective shadow IT policy should not feel like a restriction. It should act as a framework that allows different teams to make quick and necessary decisions that stay in line with company policies and compliance requirements.
Most of the time, employees will make much better decisions when there is a flexible guideline as opposed to restrictive rules.
- Step 1: Define what qualifies as shadow IT in your organisation.
Be clear about what requires approval and what doesn’t.
For example, you might require approval for design tools that handle client data, such as Figma, while low-risk tools like note-taking apps can be used freely.
So when a designer wants to try a new prototyping tool, they immediately know whether they need to submit a request or can proceed independently.
- Step 2: Establish simple and transparent procurement processes.
If employees know how to request tools and get quick responses, they’re far less likely to go around the system.
For example, a slow approval system can take up to 3 weeks, which creates a big bottleneck and increases frustration between teams and even clients.
Using a Slack channel, the employee or team that needs new software would submit a request and IT could review it within 48 hours.
As a result, instead of secretly signing up to free subscriptions (that will pop up later on), teams can easily use an official process because it will actually work.
- Step 3: Create clear communication channels between teams
Without a proper communication channel between IT, finance, and business teams, shadow IT will be living in silos.
The result? In a finance department, employees started using an unapproved analytics tool because IT “never understood their needs.”
A solution is to have a monthly sync, where all teams provide the IT department with demos of preferred tools and bring up current issues.
This allows the IT department to search for a suitable alternative, if needed.
- Step 4: Educate employees on risks
Employees should understand the risks associated with unapproved tools, not in a fear-based way, but in a practical, business-focused context.
Instead of generic security training, you could run a short session showing how what seems like a harmless AI tool could violate GDPR when they upload customer data.
These types of situations are best expressed with real scenarios where competitors (or even your own company) have faced fines.
This type of training allows all teams to discuss safe alternatives together to avoid experimenting.
- Step 5: Implement a visibility tool to monitor usage
When you implement visibility tools or procurement platforms, you can detect and monitor software usage and simplify procurement processes effectively.
After all, you can’t manage what you can’t see.
For example, using tools such as Najar, teams can easily submit smart purchase requests. All requests are stored in a unique dashboard where the IT department can easily check the status of each request and, of course, approve all requests quickly and efficiently.
Najar also includes a collaborative approval room, where you can have discussions. Basically, it is a centralised hub where all discussions concerning the company tool stack take place.
Najar helps detect shadow IT activity through SSO-based monitoring. By identifying vendors and ownership through single sign-on data, IT teams can see which tools are actually being used across the organisation.
For example, if an employee creates a Claude account using “Sign in with Google” linked to their work email, Najar can surface that activity and associate it with the relevant user. This provides a more comprehensive and accurate view of the organisation’s real SaaS landscape, without relying on manual reporting or guesswork.
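The general idea behind SSO-based discovery, as an added example (this is not Najar's code or method): scan identity-provider OAuth grant events for apps that are not on an approved list, and note which users signed in and whether the app asked for anything beyond sign-in. The records are constructed samples modelled on Google Workspace OAuth token audit events; the approved list, the client IDs and the NotesSync app are hypothetical.

```python
# Constructed sample records, modelled on Google Workspace OAuth token audit
# events (actor e-mail, event name, app_name / client_id / scope parameters).
def _rec(user, event, app, client_id, scopes):
    return {"actor": {"email": user},
            "events": [{"name": event, "parameters": [
                {"name": "app_name", "value": app},
                {"name": "client_id", "value": client_id},
                {"name": "scope", "multiValue": scopes}]}]}

DRIVE_RO = "https://www.googleapis.com/auth/drive.readonly"
SAMPLE_RECORDS = [
    _rec("ana@example.com", "authorize", "Claude", "constructed-id-claude", ["openid", "email"]),
    _rec("ben@example.com", "authorize", "Claude", "constructed-id-claude", ["openid", "profile"]),
    _rec("ben@example.com", "authorize", "NotesSync", "constructed-id-notes", ["openid", DRIVE_RO]),
    _rec("cho@example.com", "authorize", "Slack", "constructed-id-slack", ["openid", "email"]),
    _rec("ana@example.com", "revoke", "OldTool", "constructed-id-old", ["openid"]),
]

APPROVED_CLIENT_IDS = {"constructed-id-slack"}   # hypothetical approved-app list
SIGN_IN_SCOPES = {"openid", "email", "profile",
                  "https://www.googleapis.com/auth/userinfo.email",
                  "https://www.googleapis.com/auth/userinfo.profile"}

def _params(event):
    """Flatten the name/value parameter list into a dict."""
    return {p["name"]: p.get("multiValue") or p.get("value")
            for p in event.get("parameters", [])}

def find_unapproved_apps(records, approved=APPROVED_CLIENT_IDS):
    """Map client_id -> app name, users who signed in, and scopes beyond sign-in."""
    found = {}
    for rec in records:
        user = rec.get("actor", {}).get("email", "unknown")
        for ev in rec.get("events", []):
            if ev.get("name") != "authorize":      # skip revocations and other events
                continue
            p = _params(ev)
            cid = p.get("client_id")
            if not cid or cid in approved:
                continue
            scopes = p.get("scope") or []
            if isinstance(scopes, str):             # single scope delivered as a plain value
                scopes = scopes.split()
            app = found.setdefault(cid, {"app": p.get("app_name", "unknown"),
                                         "users": set(), "data_scopes": set()})
            app["users"].add(user)
            app["data_scopes"] |= set(scopes) - SIGN_IN_SCOPES
    return found

if __name__ == "__main__":
    for cid, app in find_unapproved_apps(SAMPLE_RECORDS).items():
        print(app["app"], sorted(app["users"]), sorted(app["data_scopes"]) or "sign-in only")
```

An app with an empty `data_scopes` set was only used for sign-in, while a non-empty set means the grant also gave the vendor access to company data and deserves review first.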

As an added bonus, Najar includes vendor sourcing, to help IT teams negotiate the best price and features.
Is shadow IT positive or negative?
There are different views on the matter, and the truth is, there is no definite answer here.
The hidden costs of shadow IT are clearly negative, but the key lies in how you manage them.
✔️ Pros
If you decide to take shadow IT as an asset, instead of a threat, you can find some real benefits.
- Faster innovation: Teams can experiment with new tools without waiting for lengthy approvals
- Improved productivity: Employees adopt tools that best fit their workflows
- Early signal detection: Shadow IT reveals gaps in your current systems
- Greater autonomy: Teams feel empowered to solve problems independently
In many cases, the tools adopted through shadow IT eventually become part of the official stack.
✖️ Cons
However, if you view shadow IT as a mere consequence and do not manage it at all, it definitely has its downsides:
- Security vulnerabilities: Unapproved tools may not meet security standards
- Compliance issues: Especially critical when handling sensitive or regulated data
- Hidden costs: Duplicate subscriptions and unmanaged spending can quickly add up
- Data silos: Information spread across multiple tools reduces visibility and efficiency
- Operational inefficiencies: Lack of standardisation creates friction across teams
Over time, these risks can outweigh the short-term benefits if not addressed properly.
So, basically, whether shadow IT is positive or negative will depend on how you manage it.
Manage shadow IT with Najar
Shadow IT is a reality in modern organisations. And it is a double-edged sword.
If you treat it like a threat and something that should be avoided at all costs, you could be looking at more and more hidden subscriptions that employees sign up for in the dark.
If, on the other hand, you choose to manage it, you gain greater insights into the backrooms of your company and can use it to your advantage.
And, if you want to turn shadow IT into your biggest advantage, Najar focuses on the best strategies to offer visibility into your SaaS stack with structured procurement workflows and smart negotiation outcomes.




