Shadow IT has always been framed as a problem to solve—unauthorized tools, security risks, employees going rogue. But when we surveyed 115 IT professionals about how Shadow IT actually shows up in their organizations, we found a very different story. It's not rebellion. It's friction.
The Real Drivers
When we asked why employees use unauthorized tools, the responses challenged the traditional narrative:
- 72% said it's caused by lack of policy awareness
- 59% said users prefer familiar tools
- 49% pointed to speed and efficiency
- Another 49% highlighted provisioning gaps
The open-ended responses were even more telling:
"It's easier to ask forgiveness than wait for approval."
"When they are aware of policy, it is a desire to avoid asking or working with IT, in order to avoid an answer of no."
This isn't users intentionally breaking rules. It's users working around slow or unclear processes to do their jobs better.
The AI Factor
One category dominated: AI tools. Whether it's ChatGPT, browser extensions, note-taking apps, or meeting recorders, 44% of respondents pointed to AI tools as the most common form of Shadow IT.
That makes sense. AI tools are easy to access, hard to monitor, and often operate in policy gray areas. They're fast-moving, viral, and genuinely helpful—which is exactly what makes them hard to manage.
If you don't have a clear policy for AI usage, you already have a shadow AI policy. You just didn't write it.
How Teams Are Actually Responding
Here's the encouraging part: IT teams are evolving their approach. Instead of defaulting to "no," successful teams are designing decision paths that scale:
- 68% said they respond based on context and the tool
- 48% try to find a compromise
- Only 9% go with a blanket denial
Nearly half reported that Shadow IT had revealed process gaps that prompted changes in their organization.
The Shift
Every unauthorized install represents an opportunity to ask: Why wasn't this tool available through sanctioned channels? What friction in our approval process led to this workaround? Which user needs aren't being met?
The next time an app shows up outside your sanctioned list, don't just block it. Start a conversation. Ask what problem it's solving. Then ask whether your current systems are solving it too.
Because Shadow IT isn't a threat to avoid. It's a signal to evolve.
More from this week:
🎧 Patch Me If You Can: AI Driven IT for Less Toil with Emanuele Sparvoli, Director of IT at Intercom
In this episode, Kane chats about the toughest challenges in modern security, drawing on his experience at Shopify, Atlassian, and the UK government to share actionable strategies and career insights.
⚡ TIL: How Kandji Makes Managing iPad Layouts Easy for Teams
Tired of chaotic iPad home screens? In this episode, we show how Kandji helps IT bring order to the mess—no manual sorting required. Watch as Andy uses Home Screen Layout to streamline app placement, create folders, and deploy clean, consistent layouts for construction teams in seconds.