
Shadow IT Discovery: Uncovering Hidden Applications in Your Business

January 25, 2025 · 4 min read
Dhimahi Technolabs

With 25+ years of IT expertise, Dhimahi Technolabs helps SMEs in Gujarat grow through AI solutions, digital marketing, and smart IT strategy.

Learn how to identify and manage shadow IT applications that create security risks, inflate costs, and fragment your technology landscape.

The Shadow IT Problem

What is Shadow IT?

Shadow IT refers to applications, services, and tools used within an organisation without the knowledge or approval of the IT department. This includes SaaS subscriptions purchased on corporate credit cards, free tools signed up with company email addresses, and personal applications used for work purposes.

The Scale of the Problem:

  • Employees use 2-3x more apps than IT is aware of
  • 80% of workers admit to using unapproved SaaS applications
  • The average department has 5-10 shadow IT applications
  • 35% of enterprise SaaS spending is on shadow IT
  • Most SMEs have no visibility into their true application landscape

Why Shadow IT Happens

Common Drivers:

  • IT approval processes are too slow or complex
  • Approved tools don't meet specific needs
  • Employees find better or easier alternatives
  • Departmental budgets allow independent purchases
  • Free trials convert to paid subscriptions without oversight
  • Remote work increased adoption of personal tools

Risks of Unmanaged Shadow IT

Security Risks:

  • Sensitive data stored in unsecured applications
  • No centralised access control or identity management
  • Unpatched vulnerabilities in unmonitored software
  • Data breaches through compromised shadow services
  • Non-compliance with data protection regulations

Financial Risks:

  • Duplicate licenses for overlapping functionality
  • No volume discount leverage across the organisation
  • Abandoned subscriptions continue billing
  • No visibility into total software spending
  • Unplanned renewal charges

Operational Risks:

  • Data silos prevent cross-functional visibility
  • No integration with core business systems
  • Knowledge locked in individual tools
  • No backup or disaster recovery coverage
  • Employee departure causes data and access loss

Discovery Methods

Network and DNS Analysis

Approach:

  • Monitor outbound network traffic for SaaS connections
  • Analyse DNS queries to identify cloud service usage
  • Review firewall logs for unknown application traffic
  • Track SSL/TLS certificate connections
  • Map traffic patterns to known SaaS domains

Tools:

  • Network monitoring solutions (PRTG, Zabbix)
  • Cloud access security brokers (CASBs)
  • DNS filtering services (Cloudflare Gateway, Cisco Umbrella)
  • Web proxy log analysis
  • Endpoint monitoring agents
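
As an added example (not code from the original article), the Python below maps DNS resolver log lines to a catalogue of SaaS domains and reports unapproved applications together with the clients querying them. The log format, the catalogue and the approved list are constructed assumptions; substitute your resolver's export and your own inventory.

```python
from collections import defaultdict

# Constructed catalogue: SaaS domain -> application name (an assumption, not a vendor feed).
SAAS_CATALOGUE = {
    "dropbox.com": "Dropbox",
    "trello.com": "Trello",
    "notion.so": "Notion",
    "slack.com": "Slack",
}
APPROVED = {"Slack"}  # constructed list of IT-approved applications

# Constructed resolver log lines in an assumed format: "<timestamp> <client-ip> <query-name>"
SAMPLE_LOG = """\
2025-01-20T09:01:12 10.0.1.15 www.dropbox.com.
2025-01-20T09:01:40 10.0.1.15 api.trello.com.
2025-01-20T09:02:03 10.0.2.31 app.slack.com.
2025-01-20T09:05:55 10.0.2.44 WWW.Notion.so.
2025-01-20T09:07:10 10.0.2.31 client.dropbox.com.
2025-01-20T09:09:27 10.0.3.8 notdropbox.com.
malformed line
"""

def match_app(qname):
    """Return the catalogue app whose domain equals qname or is a whole-label parent of it."""
    labels = qname.rstrip(".").lower().split(".")
    for i in range(len(labels) - 1):
        # Compare whole-label suffixes only, so notdropbox.com never matches dropbox.com.
        app = SAAS_CATALOGUE.get(".".join(labels[i:]))
        if app:
            return app
    return None

def find_shadow_apps(log_text):
    """Map each unapproved app to its query count and the set of clients using it."""
    usage = defaultdict(lambda: {"queries": 0, "clients": set()})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip lines that do not fit the assumed format
        _, client, qname = parts
        app = match_app(qname)
        if app and app not in APPROVED:
            usage[app]["queries"] += 1
            usage[app]["clients"].add(client)
    return dict(usage)

if __name__ == "__main__":
    for app, stats in sorted(find_shadow_apps(SAMPLE_LOG).items()):
        print(f"{app}: {stats['queries']} queries from {sorted(stats['clients'])}")
```

Matching on whole DNS labels rather than substrings keeps lookalike names out of the inventory, and the per-client sets show which teams to interview first.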

Financial Audit

Approach:

  • Review credit card statements for SaaS charges
  • Analyse expense reports for software subscriptions
  • Check department budgets for technology spending
  • Review procurement requests and purchase orders
  • Identify recurring vendor payments

What to Look For:

  • Monthly or annual subscription charges
  • Per-user or per-seat pricing patterns
  • Foreign currency charges (common for global SaaS)
  • Small charges that may indicate free-tier upgrades
  • Charges from unknown vendors
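
As an added example (not code from the original article), the Python below scans a card-statement export for vendors billed on a monthly or annual cadence and attaches the review flags listed above. The CSV layout, vendor names, home currency and day-gap thresholds are constructed assumptions.

```python
import csv
import io
from collections import defaultdict
from datetime import date
from statistics import median

KNOWN_VENDORS = {"ACME ACCOUNTING"}  # constructed: vendors procurement already tracks
HOME_CURRENCY = "INR"                # assumption for this example

# Constructed card-statement export: date,vendor,amount,currency
SAMPLE_CSV = """\
date,vendor,amount,currency
2024-10-03,ACME ACCOUNTING,4500.00,INR
2024-11-03,ACME ACCOUNTING,4500.00,INR
2024-12-03,ACME ACCOUNTING,4500.00,INR
2024-10-14,EXAMPLE DESIGN TOOL,12.00,USD
2024-11-14,EXAMPLE DESIGN TOOL,12.00,USD
2024-12-15,EXAMPLE DESIGN TOOL,24.00,USD
2024-11-20,CITY STATIONERS,830.00,INR
"""

def cadence(dates):
    """Classify the median gap between sorted charge dates as monthly, annual or None."""
    gaps = [(b - a).days for a, b in zip(dates, dates[1:])]
    gap = median(gaps) if gaps else 0
    if 27 <= gap <= 33:      # assumed tolerance around one month
        return "monthly"
    return "annual" if 358 <= gap <= 372 else None

def recurring_charges(csv_text):
    """Return recurring vendors with their cadence and the flags an auditor should review."""
    by_vendor = defaultdict(list)
    for row in csv.DictReader(io.StringIO(csv_text)):
        by_vendor[row["vendor"].strip().upper()].append(
            (date.fromisoformat(row["date"]), float(row["amount"]), row["currency"]))
    findings = {}
    for vendor, charges in by_vendor.items():
        charges.sort()
        kind = cadence([c[0] for c in charges])
        if kind is None:
            continue  # one-off or irregular spend, not a subscription pattern
        checks = {
            "unknown vendor": vendor not in KNOWN_VENDORS,
            "foreign currency": any(c[2] != HOME_CURRENCY for c in charges),
            "amount changed": len({c[1] for c in charges}) > 1,  # seat growth or tier upgrade
        }
        findings[vendor] = {"cadence": kind, "flags": {k for k, v in checks.items() if v}}
    return findings
```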

Employee Surveys and Interviews

Approach:

  • Survey all departments about tools they use daily
  • Interview team leads about department-specific applications
  • Ask about workarounds for approved tool limitations
  • Understand collaboration tools used across teams
  • Identify tools used by contractors and freelancers

Survey Questions:

  • What applications do you use daily that aren't on the company portal?
  • What tools do you use to share files with external stakeholders?
  • What communication tools does your team prefer?
  • What applications did you sign up for with your work email?
  • What free tools do you use to complete work tasks?

SSO and Email Domain Audit

Approach:

  • Review all applications registered with company email domains
  • Check SSO provider for connected applications
  • Audit OAuth permissions granted by employees
  • Review browser extension installations
  • Analyse email for SaaS onboarding and renewal notifications

Building a Shadow IT Governance Framework

Bring Shadow IT into the Light, Not into Punishment

Key Principles:

  • Shadow IT exists because of unmet needs
  • Punishing users drives applications further underground
  • Focus on understanding needs and providing approved alternatives
  • Create fast-track approval processes for new tools
  • Empower departments while maintaining governance

Approved Application Catalogue

Creating a Self-Service Portal:

  • Categorise approved applications by function
  • Provide comparison guides for common categories
  • Include pricing and licensing information
  • Offer easy request processes for new tools
  • Maintain user ratings and reviews

Rapid Evaluation Process

Streamlined Approval (Target: 5 business days):

  • Standard security questionnaire for vendors
  • Automated compliance checking
  • Quick technical compatibility assessment
  • Clear approval authority and escalation
  • Fast procurement and provisioning

Ongoing Monitoring

Continuous Discovery:

  • Monthly network scan for new SaaS usage
  • Quarterly financial audits for new subscriptions
  • Annual employee survey on tool usage
  • Real-time alerting for new high-risk applications
  • Dashboard visibility for IT and business leadership

Action Plan

Week 1-2: Initial Discovery

  • [ ] Conduct financial audit of all software spending
  • [ ] Run network analysis to identify SaaS traffic
  • [ ] Survey departments about application usage
  • [ ] Audit email domain registrations and SSO connections
  • [ ] Compile complete shadow IT inventory

Week 3-4: Risk Assessment and Prioritisation

  • [ ] Assess security risk for each discovered application
  • [ ] Identify applications with sensitive data exposure
  • [ ] Calculate total shadow IT spending
  • [ ] Map functionality overlaps with approved applications
  • [ ] Prioritise applications for governance action

Month 2: Governance Implementation

  • [ ] Create approved application catalogue
  • [ ] Establish rapid evaluation and approval process
  • [ ] Communicate governance policy to all employees
  • [ ] Begin migrating high-risk shadow applications
  • [ ] Set up ongoing monitoring and alerting

Shadow IT is a symptom of unmet technology needs. By discovering hidden applications, understanding why they were adopted, and creating faster, more responsive IT governance, you can bring shadow IT under control while ensuring employees have the tools they need to be productive.