There was a time, not too long ago, when most IT leaders believed shadow IT was a negligible element in their companies. They felt their IT organizations were so in control of what applications were purchased and who was granted access and that minimal adoption occurred without their knowledge.
Those were the days when centralized IT was the norm, and the idea of business-led technology acquisition wasn’t thought to be realistic. “Not happening in my backyard,” was the belief (if not the policy).
As the pandemic drove companies to adopt cloud apps so that remote workforces could continue to do their jobs – and as employees necessarily became more independent and felt empowered to purchase the apps they wanted – the awareness of shadow IT’s existence changed.
Organizations today are very aware that shadow IT exists in their “backyard”, and that the more unknown apps and uncontrolled access they have, the bigger their attack surface is. But they’re still surprised that they often have 2 times or more cloud apps than they believe they have.