What is Shadow IT?
A Plain English Guide
Shadow IT is any software, tool, or service your team uses without the business officially knowing about it. It's not malicious. It's just what happens when people get things done. But left unchecked, it quietly drains your budget, creates security gaps, and turns offboarding into a nightmare.
What shadow IT actually is
The term sounds dramatic, like someone in your team is running a secret server in the basement. It's not that. Shadow IT is just the gap between the tools a business officially uses and the tools people are actually using to do their jobs.
It includes things like:
- A designer who signed up for a Figma subscription on their personal card
- A salesperson who started using an AI writing tool and expenses it monthly
- A team that moved to a new project management app without telling anyone
- Software trials that became paid subscriptions when the free period ended
- A tool that was set up by a contractor who has since left
None of these people did anything wrong. They needed a tool, they found one, they used it. The problem is that the business has no visibility, and no control.
Real examples from small businesses
A 25-person agency discovers they're paying for four separate Slack workspaces: one set up by the original team, one by a client project lead, and two more that nobody can trace back to anyone current. Combined: £340/month. Nobody noticed because it went on different cards.
A sales manager leaves the company. Three months later, someone realises the CRM they were using is still billing the company £89/month, and the login credentials left with them. The data inside is inaccessible.
A new operations manager does an audit and finds 47 active SaaS subscriptions across the business. The founder thought they had about 15. Twelve of them haven't been logged into in over six months.
These aren't edge cases. They're what most SMEs find when they look properly for the first time.
Why it happens, and why it's not your team's fault
Shadow IT exists because the alternative, waiting for approval to get a tool you need, is slow, and people have work to do. When someone needs to edit a PDF, convert a file, or manage a project, they're not going to submit a request and wait three days. They find something free online and get on with it.
In small businesses especially, there's often no formal process for approving software purchases. Anyone with a company card can sign up for anything. Founders encourage this kind of autonomy; it's part of moving fast. The downside only becomes visible later.
Shadow IT is essentially the friction of bureaucracy being avoided. The solution isn't to lock everything down; it's to make the visible system easy enough that people use it.
What it's actually costing you
The direct cost is the easiest to see: tools nobody uses, duplicate subscriptions doing the same job, trials that auto-renewed. But that's just the start.
The hidden costs are harder to quantify but often bigger:
- Offboarding time. When someone leaves, figuring out which accounts they had, which tools are in their name, and which card to cancel takes hours, sometimes days.
- Onboarding delays. A new hire spends their first week asking "what tools do we use?" because nobody has a complete list.
- Duplicate work. Two teams use different tools for the same job and can't share files or data between them.
- Lost institutional knowledge. A tool someone set up two years ago, for a purpose nobody remembers, that may or may not be connected to something important.
The risks beyond wasted money
When employees use unapproved tools, company data often ends up in systems the business has no control over. If that tool has a data breach, your customer data may be exposed, and you may not even know which tool it came from.
For businesses subject to GDPR, storing customer data in an unapproved third-party tool, one that hasn't been assessed for data processing compliance, can create real legal exposure.
If a critical tool is tied to one person's email address and that person leaves, access goes with them. This has caused genuine business disruption: lost data, broken integrations, locked accounts.
How to get on top of it
The good news is this problem is very fixable. You don't need expensive software or a dedicated IT team. You need visibility: a clear picture of what tools you have, what they cost, who uses them, and who owns each licence.
- Pull your last 3 months of company card and expenses statements and highlight every software or subscription charge
- Ask every team member to list the tools they use regularly; you'll be surprised what comes up
- For each tool: who owns the account, whose email is it registered to, and whose card is it billed to
- Check when each subscription last had an active login; anything over 90 days is a candidate to cancel
- Identify duplicates: tools doing the same job for different teams
- Record all of this somewhere central that isn't a spreadsheet only one person maintains
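The checklist above can be run as a script once the answers are collected in one place. This is an added example, not part of the original guide or of Xodesk; the CSV column names, sample rows, staff list and the `audit` function are all constructed for illustration.

```python
import csv
import io
from collections import defaultdict
from datetime import date

# Constructed sample inventory (not real data): one row per subscription.
SAMPLE_INVENTORY = """tool,category,owner_email,billed_to,monthly_cost,last_login
Slack (main),chat,ops@example.com,company card 1,120,2024-05-28
Slack (client project),chat,sam@example.com,company card 2,80,2023-11-02
CRM,crm,alex@example.com,company card 1,89,2024-02-10
PDF editor,documents,jo@example.com,personal card,12,2024-05-30
"""

# Constructed list of people currently at the company.
CURRENT_STAFF = {"ops@example.com", "sam@example.com", "jo@example.com"}

STALE_AFTER_DAYS = 90  # the guide's threshold for a cancellation candidate


def audit(inventory_csv, current_staff, today):
    """Return the findings the checklist asks for, keyed by finding type."""
    rows = list(csv.DictReader(io.StringIO(inventory_csv)))
    stale, orphaned, personal = [], [], []
    by_category = defaultdict(list)
    for row in rows:
        idle_days = (today - date.fromisoformat(row["last_login"])).days
        if idle_days > STALE_AFTER_DAYS:
            stale.append(row["tool"])
        # Account registered to someone who is no longer on the staff list:
        # access may already have left the business with them.
        if row["owner_email"].strip().lower() not in current_staff:
            orphaned.append(row["tool"])
        if "personal" in row["billed_to"].lower():
            personal.append(row["tool"])
        by_category[row["category"]].append(row["tool"])
    # More than one tool in a category means two teams may be paying twice.
    duplicates = {c: t for c, t in by_category.items() if len(t) > 1}
    stale_cost = sum(float(r["monthly_cost"]) for r in rows if r["tool"] in stale)
    return {"stale": stale, "orphaned": orphaned, "personal_card": personal,
            "duplicates": duplicates, "stale_monthly_cost": stale_cost}


if __name__ == "__main__":
    report = audit(SAMPLE_INVENTORY, CURRENT_STAFF, date(2024, 6, 1))
    for finding, value in report.items():
        print(f"{finding}: {value}")
```

Anything listed under `orphaned` is the first thing to fix: move the account to a shared mailbox or a current owner before deciding whether to cancel it.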
A one-time audit helps, but the problem comes back if there's no system. The real solution is a simple, maintained record of every tool: what it is, what it costs, who owns it, and which team members have a licence. That's exactly what Xodesk tracks, for free.
Xodesk is part of Pair, an all-in-one operations platform for growing businesses. Use Xodesk free to get on top of your SaaS spend, then unlock CRM, HR, bookings and more when you're ready.