Shadow IT has always been a loaded term, typically implying rule-breaking, risk, or lack of control. But the reality is more nuanced. When we surveyed 115 IT professionals, what we found wasn’t a story of defiance. It was one of friction.
Shadow IT often emerges not because people are ignoring policies, but because they're trying to move faster than those policies allow. And in that gap (between what users need and what IT is ready to approve) you find opportunity. Opportunity to engage, to improve visibility, and to evolve processes.
Our survey was designed to understand how shadow IT actually shows up in modern organizations: where it's happening, what's driving it, and how IT teams are responding. What emerged is a clear signal:
Shadow IT isn’t a threat to clamp down on. It’s a conversation waiting to happen.
Our respondents spanned a wide range of industries and company sizes, but they shared one thing in common: they’re the ones closest to the work.
The majority came from mid-sized organizations (101–500 employees), though large enterprises and smaller teams were also well represented.
This was not a theoretical sample. These are the people on the front lines of device management, procurement, policy enforcement, and user support.
Reading between the lines of open-ended responses, we found telling explanations:
Our takeaway is that most shadow IT isn't adversarial. It's users working around slow or unclear processes to do their jobs better. That means the solution isn't stricter control; it's designing systems that don't get in their way.
Yes, shadow IT introduces risk. But the impact goes far beyond security breaches or noncompliance.
Beyond visibility, several respondents pointed to direct financial impacts:
Shadow IT is a visibility problem first, but it quickly becomes a financial one. The hidden cost of untracked software adds up, exposing inefficiencies not just in security posture, but in spend management and procurement.
There was one category of tools that came up more than any other in open responses: AI.
Whether it's ChatGPT, browser extensions, note-taking apps, or meeting recorders, 44% of respondents pointed to AI tools as the most common form of shadow IT in their organizations.
That's not surprising. AI tools are easy to access, hard to monitor, and often operate in gray areas of policy. They're fast-moving, viral, and in many cases, genuinely helpful, which is exactly what makes them hard to manage.
AI is now the frontline of shadow IT. If you don't have a clear policy for AI usage, you already have a shadow AI policy—you just didn't write it.
We wanted to know how IT teams respond when shadow IT surfaces and whether they see it as something to shut down or something to work with.
Here’s what they told us:
This reflects a shift from reactive enforcement to more thoughtful decision-making. And many teams are backing that up with real process:
Instead of defaulting to "no," the best IT teams are designing decision paths that scale. As one respondent shared, "We allow employees to put tools and apps through our procurement process so they get a fair chance."
So what's actually making a difference? Respondents shared the tactics that help them stay ahead of shadow IT:
Visibility and monitoring tools:
Process improvements:
Communication strategies:
But not everyone has figured it out:
The most effective teams combine monitoring with communication, documentation, and shared ownership. Technology helps, but culture closes the gap.
Perhaps the most significant finding from our survey is that shadow IT often reveals process gaps that lead to meaningful improvements.
Nearly half (49.6%) of respondents reported that shadow IT had revealed process or policy gaps that prompted changes in their organization.
Another 25.7% recognized gaps but haven't adapted yet.
If shadow IT keeps showing up, it might not be a problem to control. It might be a message you need to listen to. Every unauthorized install represents an opportunity to ask:
Shadow IT isn't going away. If anything, it's becoming more complex—as AI tools proliferate, as teams adopt new workflows, and as users continue to expect flexibility.
But what our survey surfaced is clear: the real challenge isn't just unapproved tools. It's unexamined processes.
IT teams that treat shadow IT as feedback rather than failure are better positioned to adapt to changing technology landscapes. This means:
The most telling statistic?
Only 9% of organizations outright deny requests for unsanctioned tools, a dramatic shift from IT's historical stance. Today's IT leaders recognize that their role isn't to be the "Department of No" but to be strategic partners in enabling secure, productive work.
So the next time an app shows up outside your sanctioned list, don't just block it. Start a conversation. Ask what problem it's solving. Then ask whether your current systems are solving it too.
Because shadow IT isn't a threat to avoid. It's a signal to evolve.
This article is based on survey data from 115 IT professionals across various organization sizes and roles, collected by Kandji in 2025.